Deeplinkshttps://www.eff.org/rss/updates.xml/anonymity
EFF's Deeplinks Blog: Noteworthy news from around the internetenEFF: American Illegally Wiretapped at Home by Ethiopian Government Deserves His Day in Courthttps://www.eff.org/press/releases/american-illegally-wiretapped-home-ethiopian-government-deserves-his-day-court-eff
<div class="field field-name-field-pr-subhead field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Malware Attack Highlights Troubling Outbreak of State-Sponsored Digital Spying</div></div></div><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p class="MsoNormal"><span>Washington, D.C.—Ethiopia must be held accountable in the United States for an illegal malware and digital spying attack on an American citizen, the Electronic Frontier Foundation (EFF) <a href="https://www.eff.org/document/opening-brief-appellant-kidane-v-ethiopia">told</a> a federal appeals court today in a case where a foreign government claims it is immune from liability for wiretapping a man’s Skype calls. </span></p>
<p class="MsoNormal"><span>Malicious digital surveillance and <a href="https://www.eff.org/issues/state-sponsored-malware" target="_blank">malware attacks</a> against perceived political opponents, dissidents, and journalists have become all-too-common tactics used by governments with poor human rights records, such as <a href="https://www.eff.org/deeplinks/2014/03/new-report-ethiopia-examines-shelf-surveillance-state" target="_blank">Ethiopia</a>, <a href="https://www.eff.org/wp/operation-manul" target="_blank">Kazakhstan</a>, and <a href="https://www.eff.org/deeplinks/2014/01/vietnamese-malware-gets-personal" target="_blank">Vietnam</a>. When foreign governments carry out these digital attacks on Americans in their homes, violating our wiretapping and privacy laws, their victims must be allowed to take them to court, EFF and its co-counsels said in a <a href="https://www.eff.org/document/opening-brief-appellant-kidane-v-ethiopia" target="_blank">filing</a> at the U.S. Court of Appeals for the District of Columbia Circuit.</span></p>
<p class="MsoNormal"><span>EFF, Robins Kaplan LLP, and Guernica 37: International Justice Chambers represent a Maryland man whose home computer was infected by state-sponsored malware known as <a href="https://www.eff.org/deeplinks/2012/07/elusive-finfisher-spyware-identified-and-analyzed" target="_blank">FinSpy</a>. The program recorded his private Skype calls, monitored his web searches and emails, and tracked his family’s use of the computer for weeks. Forensic analysis showed </span><span>the information was surreptitiously sent to a secret server located in Ethiopia and controlled by the Ethiopian government. EFF’s client is an Ethiopian by birth who is a U.S. citizen and</span><span> has worked with other members of the Ethiopian diaspora. The courts have allowed him to use the </span><span>pseudonym Mr. Kidane to protect himself and his family from retaliation.</span></p>
<p class="MsoNormal"></p>
<p class="MsoNormal">T<span>he spying program unleashed on Mr. Kidane was contained in an attachment to a Microsoft Word document that Mr. Kidane inadvertently opened. A government agent in Ethiopia planted the malware on the Word document, but the program to wiretap his conversations resided on his computer in Maryland and automatically began recording, with no one in Ethiopia having to pull the trigger. </span></p>
<p class="MsoNormal"><span>The Ethiopian government, which hasn’t denied it wiretapped Mr. Kidane, won dismissal of a 2014 <a href="https://www.eff.org/press/releases/american-sues-ethiopian-government-spyware-infection" target="_blank">lawsuit </a>after claiming it has immunity because the malware attack was initiated in Ethiopia and thus outside the reach of U.S. courts. It has made the <a href="https://www.eff.org/deeplinks/2014/08/eff-ethiopia-illegal-wiretapping-illegal-even-governments" target="_blank">absurd assertion</a> that spyware—marketed to repressive regimes by companies like Gamma International and <a href="https://www.eff.org/deeplinks/2015/07/hacking-team-leaks-reveal-spyware-industrys-growth" target="_blank">Hacking Team</a>—gives countries the ability to invade Americans’ homes, wiretap their conversations, violate their privacy, and face no consequences. </span></p>
<p class="MsoNormal"><span>“The court’s decision is out of step with the times and completely ignores how other laws treat computer attacks, allowing a prosecution or lawsuit to be brought where the attacked computer is. The appeals court should overturn this ruling and let Mr. Kidane have his day in court,” said EFF Executive Director Cindy Cohn, “Cybersecurity is one of the most important issues of our time, and when foreign governments invade Americans’ privacy, just as with foreign-based criminals, our laws must let victims like Mr. Kidane go to court to hold them accountable.”</span></p>
<p class="MsoNormal"><span>If a foreign state’s agent had placed a recording device in Mr. Kidane’s home or on his telephone line, Mr. Kidane could indisputably sue the government in U.S. courts, said EFF Senior Staff Attorney Nate Cardozo. The fact that Ethiopia used software instead of a person to launch a wiretap attack against Kidane in no way allows the country to evade legal liability.</span></p>
<p class="MsoNormal"><span>“Today, all governments have to do to illegally spy on people is purchase the right software,’’ said Cardozo. “The D.C. Circuit should recognize that the malware in this case took the place of a human spy, and reinstate Mr. Kidane’s lawsuit.”</span></p>
<p class="MsoNormal"><span>“Giving Ethiopia immunity for state-sponsored hacking would strip away one of the few protections Americans have against cyberattacks by foreign powers,” said Scott Gilmore, counsel at Guernica 37. “The invasion of our client’s home, through his computer, could happen to any of us. We all should have the right to seek justice.”</span></p>
<p class="MsoNormal"><span>For the brief:<br /><a href="https://www.eff.org/document/opening-brief-appellant-kidane-v-ethiopia" target="_blank">https://www.eff.org/document/opening-brief-appellant-kidane-v-ethiopia</a><br /></span></p>
<p class="MsoNormal"></p>
<p class="MsoNormal"><span> For more on <i>Kidane v. Ethiopia</i>:<br /><a href="https://www.eff.org/cases/kidane-v-ethiopia" target="_blank">https://www.eff.org/cases/kidane-v-ethiopia</a><br /></span></p>
</div></div></div><div class="field field-name-field-contact field-type-node-reference field-label-above"><div class="field-label">Contact:&nbsp;</div><div class="field-items"><div class="field-item even"><div class="ds-1col node node-profile node-promoted view-mode-node_embed clearfix">
<div class="">
<div class="field field-name-field-profile-first-name field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Cindy</div></div></div><div class="field field-name-field-profile-last-name field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Cohn</div></div></div><div class="field field-name-field-profile-title field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Executive Director</div></div></div><div class="field field-name-field-profile-email field-type-email field-label-hidden"><div class="field-items"><div class="field-item even"><a href="mailto:cindy@eff.org">cindy@eff.org</a></div></div></div> </div>
</div>
</div><div class="field-item odd"><div class="ds-1col node node-profile node-promoted view-mode-node_embed clearfix">
<div class="">
<div class="field field-name-field-profile-first-name field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Nate</div></div></div><div class="field field-name-field-profile-last-name field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Cardozo</div></div></div><div class="field field-name-field-profile-title field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Senior Staff Attorney</div></div></div><div class="field field-name-field-profile-email field-type-email field-label-hidden"><div class="field-items"><div class="field-item even"><a href="mailto:nate@eff.org">nate@eff.org</a></div></div></div> </div>
</div>
</div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=EFF%3A%20American%20Illegally%20Wiretapped%20at%20Home%20by%20Ethiopian%20Government%20Deserves%20His%20Day%20in%20Court&amp;url=https%3A//www.eff.org/press/releases/american-illegally-wiretapped-home-ethiopian-government-deserves-his-day-court-eff&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=EFF%3A%20American%20Illegally%20Wiretapped%20at%20Home%20by%20Ethiopian%20Government%20Deserves%20His%20Day%20in%20Court&amp;u=https%3A//www.eff.org/press/releases/american-illegally-wiretapped-home-ethiopian-government-deserves-his-day-court-eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/press/releases/american-illegally-wiretapped-home-ethiopian-government-deserves-his-day-court-eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=EFF%3A%20American%20Illegally%20Wiretapped%20at%20Home%20by%20Ethiopian%20Government%20Deserves%20His%20Day%20in%20Court&amp;url=https%3A//www.eff.org/press/releases/american-illegally-wiretapped-home-ethiopian-government-deserves-his-day-court-eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Mon, 24 Oct 2016 22:46:29 +0000Karen Gullo93601 at https://www.eff.orgEFF Urges Citizens, Websites to Fight Rule Changes Expanding Government Powers to Break Into Users’ Computershttps://www.eff.org/press/releases/eff-urges-citizens-websites-fight-rule-changes-expanding-government-powers-break
<div class="field field-name-field-pr-subhead field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Changes to Rule 41 Will Greatly Increase Law Enforcement Hacking, Surveillance</div></div></div><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p class="MsoNormal">San Francisco—The Electronic Frontier Foundation (EFF), the Tor Project, and dozens of other organizations are calling today on citizens and website operators to take action to block a new rule pushed by the U.S. Justice Department that would greatly expand the government’s ability to hack users’ computers and interfere with anonymity on the web.</p>
<p class="MsoNormal">EFF and over 40 partner organizations are holding a <a target="_blank" href="https://www.eff.org/deeplinks/2016/06/help-us-stop-updates-rule-41">day of action</a> for a new campaign—<a target="_blank" href="https://noglobalwarrants.org/">noglobalwarrants.org</a>—to engage citizens about the dangers of <a href="https://www.eff.org/deeplinks/2016/04/rule-41-little-known-committee-proposes-grant-new-hacking-powers-government">Rule 41</a> and push U.S. lawmakers to oppose it. The process for updating these rules—which govern federal criminal court processes—was intended to deal exclusively with procedural issues. But this year a U.S. judicial committee approved changes in the rule that will expand judicial authority to grant warrants for government hacking.</p>
<p class="MsoNormal">“The government is attempting to use a process designed for procedural changes to expand its investigatory powers,” said EFF Activism Director Rainey Reitman. “Make no mistake: these changes to Rule 41 will result in a dramatic increase in government hacking. The government is trying to avoid scrutiny and sneak these new powers past the public and Congress through an obscure administrative process.”</p>
<p class="MsoNormal">Right now, Rule 41 only authorizes federal magistrate judges to issue warrants to conduct searches in the judicial district where the magistrate is located. The <a target="_blank" href="https://www.justsecurity.org/wp-content/uploads/2014/09/proposed-amendment-rule-41.pdf">new Rule 41</a> would for the first time authorize magistrates to issue warrants when “technological means,” like <a target="_blank" href="https://www.eff.org/deeplinks/2014/07/7-things-you-should-know-about-tor">Tor</a> or virtual private networks (VPNs), are obscuring the location of a computer. In these circumstances, the rule changes would authorize warrants to remotely access, search, seize, or copy data on computers, wherever in the world they are located.</p>
<p><span>“Tor users worldwide could be affected by these new rules,” said Kate Krauss, Director of Public Policy and Communications for the <a target="_blank" href="https://www.torproject.org/">Tor Project</a>. “Tor is used by journalists, members of Congress, diplomats, and human rights activists who urgently need its protection to safeguard their privacy and security—but these rules will give the Justice Department new authority to snoop into their computers."</span><span></span></p>
<p class="MsoNormal"><span>The changes to Rule 41 would also take the unprecedented step of allowing a court to issue a warrant to hack into the computers of innocent Internet users who are themselves victims of a botnet, EFF and its partners said in a<a target="_blank" href="https://www.eff.org/document/rule-41-coalition-letter"> letter</a> to members of Congress today.</span></p>
<p><span>EFF and its partners launched noglobalwarrants.org, a campaign page outlining problems with the changes to Rule 41 and listing over 40 Internet companies, digital privacy providers, and public interest groups that support the project. The coalition is asking website owners to embed on their sites unique code that will display a banner allowing people to email members of Congress or sign a petition opposing Rule 41. The groups are also calling on citizens to speak out against Rule 41 on social media and blogs. The aim is to send a message to Congress that it should not authorize this expansion of government hacking and must reject Rule 41 changes.</span></p>
<p><span>For the coalition letter:<br /><a target="_blank" href="https://www.eff.org/document/rule-41-coalition-letter">https://www.eff.org/document/rule-41-coalition-letter</a></span></p>
<p><span>For <a target="_blank" href="https://noglobalwarrants.org/">noglobalwarrants.org</a>:<br /><a target="_blank" href="https://noglobalwarrants.org/">https://noglobalwarrants.org/</a> </span></p>
</div></div></div><div class="field field-name-field-contact field-type-node-reference field-label-above"><div class="field-label">Contact:&nbsp;</div><div class="field-items"><div class="field-item even"><div class="ds-1col node node-profile node-promoted view-mode-node_embed clearfix">
<div class="">
<div class="field field-name-field-profile-first-name field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Rainey</div></div></div><div class="field field-name-field-profile-last-name field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Reitman</div></div></div><div class="field field-name-field-profile-title field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Activism Director</div></div></div><div class="field field-name-field-profile-email field-type-email field-label-hidden"><div class="field-items"><div class="field-item even"><a href="mailto:rainey@eff.org">rainey@eff.org</a></div></div></div> </div>
</div>
</div><div class="field-item odd"><div class="ds-1col node node-profile node-promoted view-mode-node_embed clearfix">
<div class="">
<div class="field field-name-field-profile-first-name field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Mark</div></div></div><div class="field field-name-field-profile-last-name field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Rumold</div></div></div><div class="field field-name-field-profile-title field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Senior Staff Attorney</div></div></div><div class="field field-name-field-profile-email field-type-email field-label-hidden"><div class="field-items"><div class="field-item even"><a href="mailto:mark@eff.org">mark@eff.org</a></div></div></div> </div>
</div>
</div><div class="field-item even"><div class="ds-1col node node-profile view-mode-node_embed clearfix">
<div class="">
<div class="field field-name-field-profile-first-name field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Tor Project</div></div></div><div class="field field-name-field-profile-email field-type-email field-label-hidden"><div class="field-items"><div class="field-item even"><a href="mailto:press@torproject.org">press@torproject.org</a></div></div></div> </div>
</div>
</div><div class="field-item odd"><div class="ds-1col node node-profile view-mode-node_embed clearfix">
<div class="">
<div class="field field-name-field-profile-first-name field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Alexandra</div></div></div><div class="field field-name-field-profile-last-name field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Roose</div></div></div><div class="field field-name-field-profile-email field-type-email field-label-hidden"><div class="field-items"><div class="field-item even"><a href="mailto:alexandra@spitfirestrategies.com">alexandra@spitfirestrategies.com</a></div></div></div> </div>
</div>
</div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=EFF%20Urges%20Citizens%2C%20Websites%20to%20Fight%20Rule%20Changes%20Expanding%20Government%20Powers%20to%20Break%20Into%20Users%E2%80%99%20Computers&amp;url=https%3A//www.eff.org/press/releases/eff-urges-citizens-websites-fight-rule-changes-expanding-government-powers-break&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=EFF%20Urges%20Citizens%2C%20Websites%20to%20Fight%20Rule%20Changes%20Expanding%20Government%20Powers%20to%20Break%20Into%20Users%E2%80%99%20Computers&amp;u=https%3A//www.eff.org/press/releases/eff-urges-citizens-websites-fight-rule-changes-expanding-government-powers-break" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/press/releases/eff-urges-citizens-websites-fight-rule-changes-expanding-government-powers-break" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=EFF%20Urges%20Citizens%2C%20Websites%20to%20Fight%20Rule%20Changes%20Expanding%20Government%20Powers%20to%20Break%20Into%20Users%E2%80%99%20Computers&amp;url=https%3A//www.eff.org/press/releases/eff-urges-citizens-websites-fight-rule-changes-expanding-government-powers-break" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Tue, 21 Jun 2016 12:48:40 +0000Karen Gullo92112 at https://www.eff.orgNewspapers’ Complaint to Consumer Agency Shouldn’t Lead to Bans on Privacy Softwarehttps://www.eff.org/deeplinks/2016/06/newspapers-complaint-consumer-agency-shouldnt-lead-bans-privacy-software
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>In an attack on ad-blocking software, the Newspaper Association of America filed a <a href="http://www.naa.org/~/media/NAACorp/Public%20Files/PublicPolicy/GovernmentAffairs/NAA%20FTC%20Complaint_5-25-16.pdf">complaint</a> with the Federal Trade Commission last week, asking the agency to ban a variety of functions, including “evading metered subscription systems and paywalls,” and ad substitution. NAA also called into question new business models that aim to replace online advertising. Newspapers are concerned about the effects that ad-blockers may have on their revenues and their ability to understand and market to their readership. But some of what NAA is asking for would threaten important and widely used privacy software, like <a href="https://www.torproject.org/">Tor </a>and EFF’s own <a href="https://www.eff.org/privacybadger">Privacy Badger</a>, and chip away at Internet users’ ability to control their own browsing experience.</p>
<p>NAA’s call to ban software that enables users to evade metered subscription systems and paywalls is the most worrisome. Regardless of the reason or effect, users should be able to employ software that provides anonymity from one website visit to the next. NAA complains that:</p>
<blockquote><p>[m]any publishers allow readers to sample high-quality content on a limited basis (e.g., 10 articles per month) and then present the reader with a subscription offer (either for digital-only or print-bundled plans). Some ad-blockers evade metered subscription services and paywalls by preventing publishers from identifying repeat visitors and making offers to consumers about their subscription services . . . By preventing publishers from identifying repeat visitors and making these offers to them, content blockers harm consumers.</p></blockquote>
<p>Internet users have many legitimate reasons to stop websites from tracking them across multiple visits. That’s why most modern browsers include a “private” or “incognito” mode. It’s also one of the important features of the <a href="https://www.torproject.org/about/overview.html.en">Tor network</a>, which is designed to allow for anonymous Internet use over time.</p>
<p>Outlawing privacy-enhancing software simply because it might interfere with the operation of some newspapers’ metered paywalls would be profoundly <i>anti-consumer</i>. The FTC, which puts considerable resources into <i>enhancing</i> consumer privacy and encouraging the development of new privacy tools, would depart from its mission if it agreed to NAA’s request.</p>
<p>Personal privacy concerns multiply when third parties affiliated with a website, such as ad networks, can track a single user across visits to different sites and build a detailed profile of that user’s activities and preferences. That’s why EFF’s <a href="https://www.eff.org/privacybadger">Privacy Badger</a> blocks a variety of third-party tracking mechanisms that can be included within a webpage. Although Privacy Badger probably doesn't interfere with the first-party "metered subscription services" in use on the websites of major US newspapers today, a new rule that outlaws efforts to avoid user tracking over time would put all browser-based privacy efforts at risk.</p>
<p>NAA is also asking federal regulators to ban “ad substitution” and to stop ad-blocking companies from advertising new business models for Web content, such as the subscription and micropayment services that <a href="https://www.brave.com/">Brave Software</a>, <a href="http://optimal.com/">Optimal</a>, and <a href="https://flattr.com/">Flattr</a> have proposed as a replacement for ads.</p>
<p>NAA alleges that ad substitution is deceptive when companies entice users with a promise of “higher quality” ads, without disclosing what “higher quality” means or that they generate revenue from the replacement ads. NAA is also concerned that “consumers will reasonably misinterpret [replacement ads] as being the editorial voice of publishers whose ads have been blocked and replaced.” A browser plugin that alters the appearance of webpages in ways that users don’t understand or consent to could be just as abusive as an ad network that profits from the surreptitious collection of users’ personal information and browsing habits. But software that changes the way pages are displayed at the user’s request, and with the user’s informed consent, should be protected and encouraged. As EFF <a href="https://www.eff.org/ja/deeplinks/2005/02/who-owns-your-desktop-you-do">wrote</a> back in 2005, “when I visit your website, and you send me a page in response, I should be able to do whatever I like to manipulate it on my end. Display it in purple, suppress images, block pop-ups, compare prices from other vendors, whatever.” Concern for the publisher’s “editorial voice” doesn’t justify taking away users’ ability to control their own browsing experience.</p>
<p>Finally, NAA claims that ad-blockers’ subscription and micropayment models are deceptive for consumers because these companies “falsely imply that payments made by consumers will make publishers whole,” that is, such payments will “offset the funds lost to blocked advertising.” It's reasonable and expected that the FTC will take action against statements that deceive consumers, but NAA's examples may not rise to that level.</p>
<p>The FTC should curb practices that deceive users with sneaky and unwanted changes to the Web experience, whether done by ad-blockers, ad networks, or others. But in so doing, the FTC must be careful not to take autonomy and control away from Internet users. Banning anonymous browsing or ad replacement, or preemptively regulating alternative models for monetizing Web publishing, would not respect user autonomy. These would send a message that website publishers, not users, should control the browser. Preemptive FTC action could also stifle thoughtful attempts to create alternatives to the advertising-driven Web, where users’ personal information is the main product on offer and incentives to violate user privacy are strong. Ad-blockers and tools like Privacy Badger put pressure on publishers and ad networks to deliver high-quality ads and avoid violations of user privacy. The FTC needs to proceed with extreme caution here to target truly deceptive and abusive practices without interfering with Internet users’ ability to protect their privacy, control their browsing experience, and be active participants in online innovation.</p>
</div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Newspapers%E2%80%99%20Complaint%20to%20Consumer%20Agency%20Shouldn%E2%80%99t%20Lead%20to%20Bans%20on%20Privacy%20Software&amp;url=https%3A//www.eff.org/deeplinks/2016/06/newspapers-complaint-consumer-agency-shouldnt-lead-bans-privacy-software&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Newspapers%E2%80%99%20Complaint%20to%20Consumer%20Agency%20Shouldn%E2%80%99t%20Lead%20to%20Bans%20on%20Privacy%20Software&amp;u=https%3A//www.eff.org/deeplinks/2016/06/newspapers-complaint-consumer-agency-shouldnt-lead-bans-privacy-software" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/06/newspapers-complaint-consumer-agency-shouldnt-lead-bans-privacy-software" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Newspapers%E2%80%99%20Complaint%20to%20Consumer%20Agency%20Shouldn%E2%80%99t%20Lead%20to%20Bans%20on%20Privacy%20Software&amp;url=https%3A//www.eff.org/deeplinks/2016/06/newspapers-complaint-consumer-agency-shouldnt-lead-bans-privacy-software" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Mon, 06 Jun 2016 23:01:34 +0000Mitch Stoltz91968 at https://www.eff.orgCommentaryAnonymityPrivacyDo Not TrackIllinois Law Requiring Sex Offenders To Report All Internet Activity Violates Free Speech Rightshttps://www.eff.org/deeplinks/2016/04/illinois-law-requiring-sex-offenders-report-all-internet-activity-violates-free
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p class="MsoNormal">With the goal of keeping tabs on sex offenders, the state of Illinois has veered way off course. Its offender registration statute requires individuals to report every nook and cranny of their online activities to law enforcement—or face jail time. Every Internet site they visit, every online retailer account they create, and every news story comment they post must be reported to police.</p>
<p class="MsoNormal"><a href="http://www.aclu-il.org/aclu-of-illinois-eff-ask-state-supreme-to-strike-down-limits-on-free-speech-in-cumbersome-sex-offender-laws/">EFF and the ACLU of Illinois</a> today <a href="https://www.eff.org/document/aclueff-minnis-amicus">asked</a> the Illinois Supreme Court to strike down these onerous requirements of the state’s Sex Offender Registration Act (SORA). The rules violate free speech rights guaranteed to all people—even unpopular people—under the Constitution.</p>
<p class="MsoNormal">The law was challenged by a Normal, Illinois, man who served 12 months of probation for a misdemeanor offense he committed as a juvenile. Several years later he was arrested and charged with a felony punishable by a year in prison because he failed to report to police a Facebook account to which he uploaded a photo. An Illinois judge last year correctly ruled that the online speech requirements of SORA were overbroad and unconstitutional. He noted that SORA has absolutely no limitation on the type of speech or communication offenders are required to report, and disregards whether the speech being targeted “is in any way related to” the purpose of the statute—which is to deter sexual offenses. The state has appealed the decision.</p>
<p class="MsoNormal">No one, not even sex offenders, should be forced to report every aspect of his or her online life to law enforcement or be prevented from speaking anonymously on the Internet. Illinois’ law requires reporting of all email addresses, usernames, and websites used, and law enforcement must make that information available to the public. Participating in political discussion groups, banking online or posting a restaurant review has no nexus with police enforcement of sex offender laws. Compelling individuals to turn over this information imposes severe burdens on speech that go way beyond what’s needed for the state to ensure sex offenders don’t offend again. As Illinois Judge Robert Freitag said in his <a href="https://www.eff.org/document/illinois-v-minnis-circuit-order">ruling</a> last year (citing a court that struck down a Nebraska law very similar to Illinois’), such online speech reporting rules clearly chill offenders “from engaging in expressive activity that is otherwise perfectly proper.” <span> </span></p>
<p class="MsoNormal">EFF and ACLU in 2012 <a target="_blank" href="https://www.eff.org/deeplinks/2013/01/free-speech-victory-court-grants-preliminary-injunction-effs-prop-35-suit">successfully</a> challenged a state ballot measure aimed at combating human trafficking that <span>restricted the legal and constitutionally protected speech of all registered sex offenders in California. We </span><a href="https://www.eff.org/deeplinks/2012/11/court-blocks-proposition-35s-restriction-anonymous-speech"><span>argued</span></a><span> that requiring registrants to turn over their online identifiers doesn't fight trafficking but rather creates a dangerous slippery slope, stoking law enforcement’s desire for accessing more and more personal data online. <span></span>A district court ruling blocking enforcement of the measure was affirmed by the U.S. Court of Appeals for the Ninth Circuit, and California chose not to appeal the case to the Supreme Court</span></p>
<p class="MsoNormal">In the Illinois case, state officials make the argument that no website is “unrelated” to the purpose of its sex offender registration law, and any physical location in which the public may encounter a sex offender is relevant to police investigations of those offenders. By that logic, sex offenders should be required to report their every move—when they take a bus, go to the post office, shop at the grocery store, or attend a meeting. The law doesn’t force offenders to report to police every place they come in contact with the public, nor should it force them to disclose everywhere they go online. <span></span>That’s not just wrong, it’s unconstitutional.</p>
</div></div></div><div class="field field-name-field-related-cases field-type-node-reference field-label-above"><div class="field-label">Related Cases:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/cases/doe-v-harris">Doe v. Harris</a></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Illinois%20Law%20Requiring%20Sex%20Offenders%20To%20Report%20All%20Internet%20Activity%20Violates%20Free%20Speech%20Rights&amp;url=https%3A//www.eff.org/deeplinks/2016/04/illinois-law-requiring-sex-offenders-report-all-internet-activity-violates-free&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Illinois%20Law%20Requiring%20Sex%20Offenders%20To%20Report%20All%20Internet%20Activity%20Violates%20Free%20Speech%20Rights&amp;u=https%3A//www.eff.org/deeplinks/2016/04/illinois-law-requiring-sex-offenders-report-all-internet-activity-violates-free" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/04/illinois-law-requiring-sex-offenders-report-all-internet-activity-violates-free" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Illinois%20Law%20Requiring%20Sex%20Offenders%20To%20Report%20All%20Internet%20Activity%20Violates%20Free%20Speech%20Rights&amp;url=https%3A//www.eff.org/deeplinks/2016/04/illinois-law-requiring-sex-offenders-report-all-internet-activity-violates-free" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Thu, 07 Apr 2016 22:28:45 +0000Karen Gullo and Sophia Cope91145 at https://www.eff.orgFree SpeechAnonymityVictory: Verizon Will Stop Tagging Customers for Tracking Without Consenthttps://www.eff.org/deeplinks/2016/03/victory-verizon-will-stop-tagging-customers-tracking-without-consent
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>Today, Verizon reached an <a href="https://transition.fcc.gov/Daily_Releases/Daily_Business/2016/db0307/DA-16-242A1.pdf">agreement with the
FCC</a> to acquire affirmative consent
before injecting their UIDH tracking header into their customers' web activity on non-Verizon owned sites. This
is <a href="https://www.eff.org/deeplinks/2014/11/verizon-x-uidh">exactly what we asked them to
do</a> in November 2014, and
is a huge win for Internet privacy. ISPs are trusted carriers of our
communications. They should be supporting individuals' privacy rights, not
undermining them.</p>
<p>Verizon started their tracking header program in 2012, but did not describe the
program in its privacy policy at that time. In 2014, EFF
<a href="https://www.eff.org/deeplinks/2014/11/verizon-x-uidh">analyzed the header</a> and
warned that it acted as an undeletable supercookie, bypassing typical steps
people take to protect their Internet privacy, like deleting cookies or
using browser extensions that <a href="https://www.eff.org/privacybadger">block unwanted tracking</a>.</p>
<p>After EFF publicized the details about the UIDH headers, and several news
organizations picked up the story, we started to receive reports that AT&amp;T was
testing a similar tracking header, on a much smaller scale. AT&amp;T did the right
thing and <a href="https://www.eff.org/deeplinks/2014/11/att-ditches-tracking-header-program-verizon-still-refuses">halted the
program</a>
in response to customer outrage.</p>
<p>In January 2015, Jonathan Mayer (who joined the FCC in November as Chief Technologist) <a href="http://webpolicy.org/2015/01/14/turn-verizon-zombie-cookie/">published a
study</a> revealing
that an advertising network named Turn was using the UIDH header to do exactly
what Verizon claimed was impossible: Resurrecting deleted tracking cookies by
using UIDH. This was particularly egregious because Turn was actually a Verizon
advertising partner.</p>
<p>Following that news, in March 2015, Verizon finally announced their intent to
implement opt-out from UIDH tracking. We stood firm on our opinion: this was a
half measure that did not take into account the invasiveness of modifying
customer traffic for non-routing purposes.</p>
<p>Today's news sets a new standard: ISP tracking is a great risk to individual
privacy, and requires a correspondingly high standard of consent.</p>
<h1>What's next</h1>
<p>This agreement covers one specific form of tracking. There are other ways ISPs
can implement the same tracking that would be much harder to detect. They
can send tracking data only to selected web sites, hindering detection by third
parties. ISPs can (and some very likely do) hide tracking data in a lower protocol layer, like TCP or IP,
setting fields that are normally random based on an agreed-upon code. Or they
could log all user browsing activity themselves and share it upon request.
Detecting these more pernicious methods will require ongoing skilled technical
work by the FCC and other watchdog organizations. Some of these methods may not
be detectable technically, but will require ongoing monitoring of ISP business
practices. We recommend the FCC continue in-depth investigations in this important area.</p>
<p>Tracking header injection isn't the only harmful way in which ISPs modify
customer traffic. Increasingly ISPs are using the same techniques to inject
advertisements or customer notices. This type of modification is both invasive
and a risk to security: it is indistinguishable technically from a
man-in-the-middle attack. We hope the FCC will make it clear to ISPs that this
is not appropriate.</p>
<p>The FCC agreement with Verizon is an important step forward for Internet privacy
within the US. However, traffic injection techniques have also been used
<a href="https://en.wikipedia.org/wiki/Phorm">outside the US</a>. Other national regulatory
agencies should take note of Verizon's opt-in requirement, and impose similar
requirements on any local ISPs using traffic injection.</p>
<p>All told, this is a great victory for everyone who uses the Internet, and we
congratulate the FCC on reaching this agreement.</p>
</div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Victory%3A%20Verizon%20Will%20Stop%20Tagging%20Customers%20for%20Tracking%20Without%20Consent&amp;url=https%3A//www.eff.org/deeplinks/2016/03/victory-verizon-will-stop-tagging-customers-tracking-without-consent&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Victory%3A%20Verizon%20Will%20Stop%20Tagging%20Customers%20for%20Tracking%20Without%20Consent&amp;u=https%3A//www.eff.org/deeplinks/2016/03/victory-verizon-will-stop-tagging-customers-tracking-without-consent" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/03/victory-verizon-will-stop-tagging-customers-tracking-without-consent" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Victory%3A%20Verizon%20Will%20Stop%20Tagging%20Customers%20for%20Tracking%20Without%20Consent&amp;url=https%3A//www.eff.org/deeplinks/2016/03/victory-verizon-will-stop-tagging-customers-tracking-without-consent" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Mon, 07 Mar 2016 21:34:57 +0000Jacob Hoffman-Andrews90708 at https://www.eff.orgAnonymityPrivacyDo Not TrackOnline Behavioral TrackingMobile devicesProtecting the Choice to Speak Anonymously Is Key to Fighting Online Harassmenthttps://www.eff.org/press/releases/protecting-choice-speak-anonymously-key-fighting-online-harassment
<div class="field field-name-field-pr-subhead field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">EFF Urges Department of Education to Uphold First Amendment Rights in University Anti-Harassment Policies</div></div></div><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>San Francisco - The Electronic Frontier Foundation (EFF) urged the Department of Education today to protect university students’ right to speak anonymously online, warning that curtailing anonymous speech as part of anti-harassment regulations would not only violate the Constitution but also jeopardize important on-campus activism.</p>
<p>“Battling gender and racial harassment and threats on college campuses is vitally important,” said EFF Legal Director Corynne McSherry. “But some are calling for blanket bans on the use of platforms that allow anonymous comments, and that’s a counterproductive strategy. Online anonymity is crucial for students who fear retaliation for their political and social commentary. It helps many people avoid being targets of harassment in the first place.”</p>
<p>EFF’s <a href="/document/effs-letter-office-civil-rights">letter</a> to the Department of Education comes after a number of groups pressed for new federal guidelines for fighting online harassment. EFF agrees with the majority of the recommendations, including ensuring prompt reporting and investigation of all reports of harassment, and disciplining and/or prosecuting perpetrators. However, preemptively removing access to anonymous online speech platforms violates all students’ First Amendment rights—threatening projects like the USG Girl Mafia at the University of Southern California, where students anonymously map locations of assault reports on campus. Anonymity was also essential for student activists at Guilford College in North Carolina, who used an online form to collect anonymous testimonials about racial violence from those who felt unsafe revealing their identities.</p>
<p>Additionally, online speech bans are problematic because any technical restriction—like blocking on-campus access through the university’s wireless network, or limiting where students can access particular mobile applications or websites—will not prevent any student from going off-campus or joining another wireless network to comment anonymously.</p>
<p>“The Internet has an unmatched ability to help groups of people organize and communicate and be a force for positive social change,” said EFF Frank Stanton Legal Fellow Aaron Mackey. “Taking away choices for anonymous speech will curtail these activities without meaningfully preventing illegal harassment and threats. We urge the Department of Education to find solutions that protect all students.”</p>
<p>For the full letter to the Department of Education:<br /><a href="//www.eff.org/document/effs-letter-office-civil-rights"> https://www.eff.org/document/effs-letter-office-civil-rights</a></p>
</div></div></div><div class="field field-name-field-contact field-type-node-reference field-label-above"><div class="field-label">Contact:&nbsp;</div><div class="field-items"><div class="field-item even"><div class="ds-1col node node-profile view-mode-node_embed clearfix">
<div class="">
<div class="field field-name-field-profile-first-name field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Rebecca</div></div></div><div class="field field-name-field-profile-last-name field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Jeschke</div></div></div><div class="field field-name-field-profile-title field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Media Relations Director and Digital Rights Analyst</div></div></div><div class="field field-name-field-profile-email field-type-email field-label-hidden"><div class="field-items"><div class="field-item even"><a href="mailto:press@eff.org">press@eff.org</a></div></div></div> </div>
</div>
</div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Protecting%20the%20Choice%20to%20Speak%20Anonymously%20Is%20Key%20to%20Fighting%20Online%20Harassment&amp;url=https%3A//www.eff.org/press/releases/protecting-choice-speak-anonymously-key-fighting-online-harassment&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Protecting%20the%20Choice%20to%20Speak%20Anonymously%20Is%20Key%20to%20Fighting%20Online%20Harassment&amp;u=https%3A//www.eff.org/press/releases/protecting-choice-speak-anonymously-key-fighting-online-harassment" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/press/releases/protecting-choice-speak-anonymously-key-fighting-online-harassment" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Protecting%20the%20Choice%20to%20Speak%20Anonymously%20Is%20Key%20to%20Fighting%20Online%20Harassment&amp;url=https%3A//www.eff.org/press/releases/protecting-choice-speak-anonymously-key-fighting-online-harassment" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Wed, 13 Jan 2016 17:38:14 +0000Rebecca Jeschke90059 at https://www.eff.orgChanges to Facebook’s "Real Names" Policy Still Don’t Fix the Problemhttps://www.eff.org/deeplinks/2015/12/changes-facebooks-real-names-policy-still-dont-fix-problem
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>In response to feedback from activist groups, including the Electronic Frontier Foundation, Facebook announced Tuesday that it would change some aspects of its real names policy. As it currently stands, the policy requires users to register what Facebook calls their “authentic identity,”—or how friends and family know them—in order to use the social network. The policy also allows users to report other users registered under alias names and gives Facebook the ability to suspend any accounts where the identity of a user is found to be “fraudulent.” This abuse system has been used to silence a broad range of users, from drag queens to Vietnamese pro-democracy activists.</p>
<p>The policy has long been opposed by marginalized groups such as ethnic minorities, abuse victims, and the LGBTQ community. In October, the Nameless Coalition, a collection of civil society organizations—including EFF—and individuals that oppose the real names policy wrote an <a href="https://www.eff.org/document/open-letter-facebook-about-its-real-names-policy">open letter</a> to Facebook asking the company to:</p>
<ul><li>Commit to allowing pseudonyms and non-legal names on the site in appropriate circumstances;</li>
<li>Require users filing real name policy abuse reports to support their claims with evidence of abusive behavior;</li>
<li>Allow users to confirm their identities without submitting government ID;</li>
<li>Give users technical details and documentation on the process of submitting identity information; and</li>
<li>Provide an appeals process for those locked out of their account.</li>
</ul><p>The first of Facebook’s announced changes is a direct response to the Nameless Coalition’s second demand: any user reporting an alias must provide additional information and context about why they are doing so. Facebook will require the user to “go through several new steps that provide more specifics about the report.”</p>
<p>The second change raises more questions. Facebook says it will test a new tool to let people provide more information about their circumstances if they are asked to verify their account name. In other words, people who are forced to verify their identity will be asked to let the social network know that they have a “special circumstance,” and give more information about their unique situation in order to justify using a pseudonym. Facebook says that this additional information will help their review teams better understand the situation.</p>
<p>This mechanism, ostensibly provided to allow people to use aliases in what Facebook judges to be an exceptional circumstance, forces those who are most vulnerable to reveal even more information about their intimate, personal lives. The only way they can use a pseudonym is to share more information, resulting in a remedy that is useless and risks putting them in a more dangerous situation should Facebook share those personal details. Consider political dissidents who use a pseudonym to protect their families and livelihoods on the ground. Providing Facebook with additional personal information and context to explain the use of a pseudonym is potentially risky, especially if Facebook collaborates with the government in question.</p>
<p>The changes and reporting tools are currently only being rolled out in the U.S. where they will not reach many of the users who need them most, but Facebook promises to expand the changes globally “based on feedback.” Facebook also mentions wanting to “reduce the number of people who have to go through an ID verification experience” and make it more “compassionate.” </p>
<p>But ultimately, the problem with Facebook's policy is a more fundamental one. The “real names” standard that Facebook uses—“a name known by friends and family”—is fundamentally misguided. No amount of tweaking will address the fact that it leaves the most vulnerable—those who cannot be open with friends and family due to real-life threats—out to dry. A victim of domestic abuse will want to use anything but a “real name.” An activist working to expose corporate or government wrongdoing depends on a pseudonym to raise awareness online, not the name their friends and family know them by.</p>
<p>These adjustments may make Facebook a friendlier platform for some users, and responding productively to user complaints is a laudable and important move. But in the end, it’s rearranging chairs on the Titanic. If Facebook really wanted to protect its users and respect their voices, they would get out of the business of gatekeeping their users’ “authentic identities” entirely. Facebook users should be free to choose whatever name they want, so long as it is not in violation of Facebook’s other policies, without having to justify it to the platform. Any policy short of this is simply misguided.</p>
</div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Changes%20to%20Facebook%E2%80%99s%20%22Real%20Names%22%20Policy%20Still%20Don%E2%80%99t%20Fix%20the%20Problem&amp;url=https%3A//www.eff.org/deeplinks/2015/12/changes-facebooks-real-names-policy-still-dont-fix-problem&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Changes%20to%20Facebook%E2%80%99s%20%22Real%20Names%22%20Policy%20Still%20Don%E2%80%99t%20Fix%20the%20Problem&amp;u=https%3A//www.eff.org/deeplinks/2015/12/changes-facebooks-real-names-policy-still-dont-fix-problem" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2015/12/changes-facebooks-real-names-policy-still-dont-fix-problem" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Changes%20to%20Facebook%E2%80%99s%20%22Real%20Names%22%20Policy%20Still%20Don%E2%80%99t%20Fix%20the%20Problem&amp;url=https%3A//www.eff.org/deeplinks/2015/12/changes-facebooks-real-names-policy-still-dont-fix-problem" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Fri, 18 Dec 2015 19:29:20 +0000Eva Galperin and Wafa Ben Hassine89827 at https://www.eff.org Facebook's New Name Policy Changes are Progress, Not Perfectionhttps://www.eff.org/deeplinks/2015/11/facebooks-new-name-policy-changes-are-progress-not-perfection
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>Facebook has responded to an October 5 <a href="https://www.eff.org/document/open-letter-facebook-about-its-real-names-policy">open letter</a> from a global coalition, including EFF, about its <a href="https://www.eff.org/deeplinks/2015/10/global-coalition-facebook-authentic-names-are-authentically-dangerous-your-users">broken “authentic name policy.”</a> Facebook’s response is a step in the right direction. It's also not the last change to the policy we’ll see, since Facebook notes “we’re making changes now and in the future.” Facebook says it “want[s] to reduce the # of people asked to verify ID.” Facebook and the Nameless Coalition share that goal, and these suggestions will help achieve it. But they still leave some users out in the cold. </p>
<p>The Nameless Coalition <a href="https://www.eff.org/document/open-letter-facebook-about-its-real-names-policy">letter</a> was signed by over 80 individuals and organizations. The signatories, which include US-based groups like the <a href="http://www.ncadv.org/">National Coalition Against Domestic Violence</a> and the ACLU as well as digital rights and human rights groups from Africa, the Americas, Europe, and Asia such as the <a href="http://internetdemocracy.in/">Internet Democracy Project, India</a>, serve different populations and work on different issues. But we all agree on one thing: Facebook should get rid of its names policy altogether. In the meantime, the letter made five concrete suggestions to Facebook about how to lessen the harm caused by the policy, and asked for a response by October 31:</p>
<blockquote><ul><li>Commit to allowing pseudonyms and non-legal names on its site in appropriate circumstances, including but not limited to situations where using an every day name would put a user in danger, or situations where local law requires the ability to use pseudonyms.</li>
<li>Require users filing real name policy abuse reports to support their claims with evidence. This could come in written form, multiple-choice questions, or some alternative documentation.</li>
<li>Create a compliance process through which users can confirm their identities without submitting government ID. This could include allowing users to submit written evidence, answer multiple-choice questions, or provide alternative documentation such as links to blog posts or other online platforms where they use the same identity.</li>
<li>Give users technical details and documentation on the process of submitting identity information such as where and how it is stored, for how long, and who can access it. Provide users with the ability to submit this information using PGP or another common form of encrypted communication, so they may protect their identity information during the submission process.</li>
<li>Provide a robust appeals process for users locked out of their accounts. This could include the ability to request a second review, to submit different types of evidence, and to speak to a real Facebook employee, especially in cases involving safety. </li>
</ul></blockquote>
<p class="TextBody">On October 30, Facebook <a href="https://www.eff.org/document/facebook-response-nameless-coalition">responded.</a></p>
<p>More on <a href="http://www.buzzfeed.com/alexkantrowitz/facebook-is-making-enforcement-changes-to-its-real-names-pol">the response</a> below. But first, it's important to remember that convincing a company that provides a service to <a href="http://www.ibtimes.com/facebook-one-out-every-five-people-earth-have-active-account-1801240">nearly 20% of the world's population</a> isn't easy. Facebook has made changes only because of user feedback and <a href="https://www.eff.org/deeplinks/2014/10/dear-facebook-sorry-start-now-lets-see-solutions">campaigns</a> like the Nameless Coalition and <a href="http://www.mynameiscampaign.org/">MyNameIs.</a> That's why we're counting this as a step in the right direction. Even though Facebook is only making small modifications over time, every change activists advocate for that gets implemented will help at least some users continue to access Facebook—and that's progress. </p>
<p><b>Timeline</b></p>
<p>Facebook specifically states that they plan on rolling out tests on these process changes in December. Many of the signatories to the letter have been informing Facebook that the name policy is a problem <a href="http://www.cnet.com/news/amid-unrest-a-hard-new-look-at-online-anonymity/">for years</a>, and some have even been <a href="http://www.mynameiscampaign.org/2015/07/mynameis-campaign-responds-to-mark-zuckerbergs-comment-about-real-names-policy/">working with Facebook</a> for over a year now to discuss specific changes, so having a timeline is important.</p>
<p>We'll keep pushing Facebook to be transparent about when people can expect any changes to roll out in their region. We'll also keep working to ensure that Facebook hears the feedback users have on these changes, and we'll do a specific follow-up once testing has started. </p>
<p><b>Changes to reporting</b></p>
<p>Since Facebook only enforces its name policy when one user reports another, it has been used to harass and silence some of Facebook's most vulnerable users. In particular, the letter and appendix pointed to a recent <a href="https://advox.globalvoices.org/2015/08/06/we-will-choke-you-how-indian-women-face-fatal-threats-on-facebook-while-trolls-roam-free/">rash of attacks</a> on Indian feminists on Facebook. They've been pushed off the site by <a href="http://jilliancyork.com/2010/04/08/on-facebook-deactivations/">targeted</a> <a href="http://www.dailydot.com/technology/realnamepolice-facebook-real-names-policy/">reporting</a> campaigns, and they're not alone.</p>
<p>This is hardly surprising, since as the coalition’s letter points out; “[a]ny user can file as many reports as they wish, as quickly as they wish, allowing targeted reporting sprees.”</p>
<p>That's why the coalition asked Facebook to “require users filing real name policy abuse reports to support their claims with evidence.” Facebook directly responded to this, and will now require “people to provide additional information about why they are reporting a profile.” This will require people to click through another list of options, which will be focused on behavior. They'll also have to fill out a text field, making the entire reporting process take longer.</p>
<p>Facebook's change responds to one of the biggest concerns expressed in the Nameless Coalition letter- that the name policy is a tool to silence people. How it will work in practice will remain to be seen.</p>
<p><b>Changes to enforcement and appeals</b></p>
<p>Once someone has been reported on Facebook, their experience trying to get back on the site may be so difficult that they give up. As Lil Miss Hot Mess of MyNameIs <a href="http://www.huffingtonpost.com/lil-miss-hot-mess/fbf-one-year-later-facebo_b_8231150.html">pointed out</a>: “many feel that they're talking to robots when in fact they're receiving canned responses from humans.” That's why the letter demanded “a robust appeals process for users locked out of their accounts,” including the ability “to speak to a real Facebook employee, especially in cases involving safety.”</p>
<p>Facebook's commitment to a new process that will allow people “to give more information about their situation and receive more personalized help throughout the confirmation process” is a very welcome change. When the need for additional assistance is identified, Facebook will channel users to a team of its most experienced staff. Instead of rehashing pre-written responses, this team must engage closely with users, and prioritize those who are in real danger, such as outed human rights activists or trans people.</p>
<p><b>Security</b></p>
<p>The coalition letter raised concerns about how Facebook protects users as they submit information to prove their identities, especially for users in authoritarian countries. In the face of <a href="https://theintercept.com/2014/03/12/nsa-plans-infect-millions-computers-malware/">revelations</a> from documents leaked by Edward Snowden that the “the NSA has masqueraded as a fake Facebook server, using the social media site as a launching pad to infect a target’s computer and exfiltrate files from a hard drive,” these <a href="https://www.eff.org/deeplinks/2011/05/syrian-man-middle-against-facebook">aren’t imaginary concerns</a>. Facebook is a prime target for surveillance. In response to these Snowden documents, Mark Zucerkberg <a href="http://www.theguardian.com/technology/2014/mar/13/mark-zuckerberg-facebook-us-government-surveillance">wrote</a> “ When our engineers work tirelessly to improve security, we imagine we're protecting you against criminals, not our own government.” But there’s no question that Facebook should be concerned about government surveillance—from the United States, but also from the other countries in which it operates. </p>
<p>Facebook’s response to these security concerns in the letter noted that “when people submit IDs to us, the information is encrypted.” However, this relies on the security of HTTPS, which <a href="https://www.eff.org/deeplinks/2014/12/three-vulnerabilities-rocked-online-security-world-2014-review">may not always be enough</a>, especially in an authoritarian country that could present a false Facebook certificate to the user. In fact, exactly this situation played out <a href="https://www.eff.org/deeplinks/2011/05/syrian-man-middle-against-facebook">in Syria </a>in 2011. Adding support for more secure encryption protocols such as <a href="https://ssd.eff.org/en/module/introduction-public-key-cryptography-and-pgp">PGP</a> would provide an extra layer of protection for those who need it.</p>
<p>Facebook made one encouraging change: “IDs submitted to Facebook as part of this process will be encrypted when they are temporarily stored on our servers. The ability of our team to decrypt these IDs will expire after 30 days. The encrypted IDs will then be deleted shortly after that.”</p>
<p><b>Even with these changes, the policy still needs to go away</b></p>
<p>Of course, all of these complicated changes could be avoided if Facebook would simply get rid of the names policy. The company continues to say it keeps people safer, and even says in the letter that “[a] review of our reports from earlier this year showed that bullying, harassment or other abuse on Facebook is eight times more likely to be committed by people using names other than their own than by the rest of the Facebook community.”</p>
<p>Unfortunately, it's unclear what reports Facebook was referring to or how they decided a user was using a name other than their own. It's also unclear what sorts of abuse the company is talking about. But it seems Facebook's calculus here is off. The organizations in the Nameless Coalition have heard and shared myriad stories about how <a href="http://www.thedailybeast.com/articles/2015/05/20/how-facebook-exposes-domestic-violence-survivors.html">the name policy itself</a> seriously endangers people. Being outed in a country where your human rights activism could <a href="http://www.telegraph.co.uk/news/worldnews/middleeast/syria/8503797/Syria-tortures-activists-to-access-their-Facebook-pages.html">get you tortured</a>, for example, is clearly an incredibly dangerous situation. And Facebook still doesn't treat maliciously accusing another user of violating the names policy as harassment. Without statistics on that, Facebook can hardly claim the policy is the right solution to harassment and abuse.</p>
<p>The biggest thing missing from Facebook's response, though, is that it does not solve the problem for people who genuinely need to use a pseudonym. In fact, the response completely ignores domestic violence survivors or trans people who aren't out to everyone. For activists, it suggests that pages “may be useful to people who do not want to use their personal profiles for advocacy.” </p>
<p>But <a href="https://www.facebook.com/help/281592001947683/">pages</a> and profiles aren’t the same, either in the eyes of Facebook or other users. Pages <a href="https://www.facebook.com/help/community/question/?id=10201884828228149">can't make friend requests</a>: administrators must hope people find and like the page, which hardly makes sense for activists who are doing community organizing. Pages also can't comment on Profiles, join groups, or comment on group posts. The fact that they <a href="https://www.facebook.com/help/community/question/?id=10200239607014394">can't join groups</a> is key. Facebook has groups that facilitate incredible amounts of community—many of which are not public. Many <a href="http://www.secasa.com.au/assets/Documents/online-peer-support-for-survivors-of-sexual-assault.pdf">sexual assault</a> or domestic violence survivors, activists, <a href="http://www.glsen.org/press/study-finds-lgbt-youth-face-greater-harassment-online">LGBTQ youth,</a> and <a href="http://www.huffingtonpost.com/entry/lgbt-facebook-groups_56266915e4b0bce347024edd">trans people</a> use these groups as one of the only support systems available to them, and one of the best—and sometimes only—platforms available to <a href="http://feministajones.com/blog/help-fj-get-reinstated-on-facebook-fjisreal-action-73115-1200pm-est/">share information</a> on. For these users, Facebook would lose any real utility without the ability to fully engage in communities. Facebook should recognize this and extend its commitment to improving Facebook to all of these users.</p>
<p><b>What's next?</b></p>
<blockquote><p>We know there is more work to be done, and we want to incorporate your ongoing feedback as we continue working on this.</p></blockquote>
<p><a href="https://www.eff.org/document/facebook-response-nameless-coalition">Like Facebook</a>, the Nameless Coalition doesn't see this response as the end of the work that needs to be done to make Facebook accessible and safe for all users, regardless of their identity. In fact, it's just beginning. Facebook continues to grow.<a class="see-footnote" id="footnoteref1_0mgwf0p" title="This is especially important considering that Facebook is specifically focused on growth in India, and India is currently Facebook's second-largest market after the United States. As Facebook becomes ever-more ubiquitous there, it will either facilitate rich communication between users, or it will create new avenues for the most marginalized Indians to be repressed." href="#footnote1_0mgwf0p">1</a> As they do, they should take this opportunity to become more proactive about considering how their policies will affect users. And when they make that assessment, they should reach out to community organizations and activists around the world, and consider the many use cases, cultural, political, and linguistic contexts the signatories to the Nameless Coalition's letter represent.</p>
<p>All that being said, these changes are encouraging. None of them would have been possible without concerned activists and pressure on Facebook. And Facebook points out in its response that its data about the problems people are facing will be enhanced by these changes. That's why we plan on continuing this conversation as these changes roll out.</p>
<ul class="footnotes"><li class="footnote" id="footnote1_0mgwf0p"><a class="footnote-label" href="#footnoteref1_0mgwf0p">1.</a> This is especially important considering that Facebook is specifically focused on <a href="http://timesofindia.indiatimes.com/tech/tech-news/Facebooks-3-step-plan-to-take-over-world/articleshow/49625317.cms">growth in India</a>, and India is currently Facebook's second-largest market after the United States. As Facebook becomes ever-more ubiquitous there, it will either facilitate rich communication between users, or it will create new avenues for the most marginalized Indians to be repressed.</li>
</ul></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=%20Facebook%27s%20New%20Name%20Policy%20Changes%20are%20Progress%2C%20Not%20Perfection&amp;url=https%3A//www.eff.org/deeplinks/2015/11/facebooks-new-name-policy-changes-are-progress-not-perfection&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=%20Facebook%27s%20New%20Name%20Policy%20Changes%20are%20Progress%2C%20Not%20Perfection&amp;u=https%3A//www.eff.org/deeplinks/2015/11/facebooks-new-name-policy-changes-are-progress-not-perfection" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2015/11/facebooks-new-name-policy-changes-are-progress-not-perfection" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=%20Facebook%27s%20New%20Name%20Policy%20Changes%20are%20Progress%2C%20Not%20Perfection&amp;url=https%3A//www.eff.org/deeplinks/2015/11/facebooks-new-name-policy-changes-are-progress-not-perfection" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Thu, 05 Nov 2015 23:07:55 +0000Dia Kayyali88808 at https://www.eff.orgCommentaryPolicy AnalysisFree SpeechAnonymityDomain Registrars Have to Ask ICANN's Permission to Comply With Laws Protecting Your Privacyhttps://www.eff.org/deeplinks/2015/10/domain-registrars-have-ask-icanns-permission-comply-laws-protecting-your-privacy
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p><img src="/files/2015/10/19/icann-1.png" width="656" height="328" alt="" /></p>
<p>What happens when <a href="https://www.eff.org/issues/icann">ICANN</a>'s rules that require domain name registrars to publish domain owners' personal data in a public database, conflict with the data protection laws in countries where those registrars operate?</p>
<p>This question has come up at <a href="https://www.eff.org/issues/icann">ICANN</a>'s 54th quarterly public meeting in Dublin, which EFF is attending this week. Although much of the meeting is looking forward to future accountability and oversight mechanisms for ICANN, our attention is focused on the here and now, pointing out the impacts of current ICANN policies and proposals on the privacy and free speech rights of ordinary Internet users. This means speaking out against law enforcement and trademark interests who aim to use the domain name system for tracking and censorship—all while sacrificing user privacy. We'll be reporting back throughout the week as we do just that.</p>
<p>EFF's return to ICANN this year was prompted by <a href="https://www.eff.org/deeplinks/2015/06/changes-domain-name-rules-place-user-privacy-jeopardy">one such proposal</a>, that would have gutted the ability for users to register domain names using a proxy registration service to keep their personal contact details private. Our concerns, echoed by thousands of others including a <a href="https://www.eff.org/deeplinks/2015/07/powerful-coalition-letter-highlights-danger-icanns-new-domain-registration">powerful coalition of public figures and experts</a>, became ICANN's <a href="https://www.icann.org/en/system/files/files/report-comments-ppsai-initial-11sep15-en.pdf">largest ever public consultation</a> [PDF]. We'll be reiterating those views at a face to face meeting of ICANN's Privacy &amp; Proxy Services Accreditation Issues PDP Working Group on Wednesday.</p>
<p>But there's a <a href="https://www.eff.org/deeplinks/2015/09/eff-icann-privacy-must-be-purposeful-not-afterthought">bigger story</a> behind that particular proposal. The only reason why users even need to shelter behind a proxy registration service to protect the privacy of their personal data is that ICANN's policies requiring that data to be published in a publicly-available WHOIS database are woefully out of step with global best practices in personal data protection—and with the associated laws of many countries.</p>
<p><a href="https://www.icann.org/public-comments/iag-whois-conflicts-privacy-2015-10-05-en">Another public consultation</a> that is open until November 17 illustrates vividly the incoherence of ICANN's current policies on domain privacy in this context. The particular policy that is under review is on <a href="https://www.icann.org/public-comments/iag-whois-conflicts-privacy-2015-10-05-en">WHOIS Conflicts with Privacy Laws</a>, and the policy essentially provides that ICANN may “allow” a registry or registrar whose obligations to publish WHOIS data are in breach of locally applicable data protection law, to be exempted from those obligations—but only once the local data protection authorities have initiated enforcement proceedings against it!</p>
<p>The working group reviewing this policy has suggested that this procedure, which actively encourages parties to breach data protection law (and which has never been invoked) is too narrow. They propose that ICANN should also be able to suspend a contracted party's WHOIS obligations if they can obtain written advice from the government that their WHOIS obligations are in contravention of local law (as if governments would ever do such a thing!). A minority view suggests that obtaining an opinion from a leading local law firm should also be sufficient, or perhaps that ICANN could launch an investigation and public enquiry into the merits of suspending the party's WHOIS obligations.</p>
<p>But even the minority view misconceives how completely backward ICANN's expectations are. It shouldn't be up to registries or registrars to prove their entitlement to comply with their own locally applicable data protection law. Rather it should be for ICANN to enforce its WHOIS obligations only if it can prove that those obligations are not in contravention of its contracted parties' data protection obligations. In other words, as we point out in our submission to the consultation, sent this week, the policy:</p>
<blockquote><p>should simply affirm that contracted parties may, in good faith, self-assess their own obligations <span lang="en-US" xml:lang="en-US">under applicable local law, </span><span lang="en-US" xml:lang="en-US">and forbear from </span><span lang="en-US" xml:lang="en-US">executing contractual provisions that are in breach of those obligations. … ICANN could </span><span lang="en-US" xml:lang="en-US">[then] </span><span lang="en-US" xml:lang="en-US">obtain a legal opinion as a precondition of taking any enforcement action against a contracted party alleged to be in non-compliance with its contractual requirements for reasons unconnected with local law.</span></p></blockquote>
<p>ICANN's policy on WHOIS Conflicts with Law doesn't need to be amended, it needs to be thrown out and rewritten from scratch. But that is not enough, because even if the policy were rewritten as we suggest, that would only protect users in countries that already have enforceable data protection laws, leaving others (including Americans) out in the cold. Rather, ICANN also needs to accelerate the <a href="https://www.icann.org/public-comments/rds-prelim-issue-2015-07-13-en">complete review of its WHOIS system</a>, to bring it into line with internationally accepted data protection standards.</p>
<p>Keep reading Deeplinks throughout the week for more reports on how your privacy and free speech rights are on the line at ICANN, and what you can do to help preserve them.</p>
</div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Domain%20Registrars%20Have%20to%20Ask%20ICANN%27s%20Permission%20to%20Comply%20With%20Laws%20Protecting%20Your%20Privacy&amp;url=https%3A//www.eff.org/deeplinks/2015/10/domain-registrars-have-ask-icanns-permission-comply-laws-protecting-your-privacy&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Domain%20Registrars%20Have%20to%20Ask%20ICANN%27s%20Permission%20to%20Comply%20With%20Laws%20Protecting%20Your%20Privacy&amp;u=https%3A//www.eff.org/deeplinks/2015/10/domain-registrars-have-ask-icanns-permission-comply-laws-protecting-your-privacy" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2015/10/domain-registrars-have-ask-icanns-permission-comply-laws-protecting-your-privacy" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Domain%20Registrars%20Have%20to%20Ask%20ICANN%27s%20Permission%20to%20Comply%20With%20Laws%20Protecting%20Your%20Privacy&amp;url=https%3A//www.eff.org/deeplinks/2015/10/domain-registrars-have-ask-icanns-permission-comply-laws-protecting-your-privacy" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Mon, 19 Oct 2015 21:22:37 +0000Jeremy Malcolm88462 at https://www.eff.orgCommentaryAnonymityInternationalICANNOne Year Later, Hundreds of Tor Challenge Relays Still Activehttps://www.eff.org/deeplinks/2015/10/hundreds-tor-challenge-relays-still-active
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p><img src="https://www.eff.org/files/2015/10/09/tor-challenge-sq.png" class="align-right" height="212" width="230" />As of this month, 567 relays from our 2014 Tor Challenge are still up and running—more than were established during the <a href="https://www.eff.org/deeplinks/2011/07/eff-campaign-increases-number-tor-relays-13-4">entire inaugural Tor Challenge</a> back in 2011. To put that number in perspective, these nodes represent more than 8.5% of the <a href="https://metrics.torproject.org/networksize.html">roughly 6,500</a> public relays currently active on the entire Tor network, a system that supports more than 2-million directly connecting clients worldwide.</p>
<p>Tor is a tool that protects privacy on the Internet by routing web traffic through a series of nodes, or “relays,” creating a network of servers that act as way stations on data’s journey from point A to point B. By providing an indirect, randomized path for Web traffic, the Tor network divorces the user’s IP address (and therefore their location) from the content they are viewing. Picture a kid passing notes in class through a random series of students, as opposed to a letter sent straight to its destination: traffic routed through Tor isn’t stamped with a return address and is difficult to trace back to its sender if it’s intercepted.</p>
<p>The more relays present in the Tor network, the better traffic will be disguised as it travels through that network. This service has helped to ensure anonymity for whistleblowers and journalists handling sensitive information, domestic abuse survivors whose safety might be compromised by revealing their whereabouts, citizens of countries that actively censor the Internet, and others who don’t want to be tracked or traced online.</p>
<p>The 2014 Tor Challenge campaigned to strengthen the Tor network by encouraging people to set up new Tor nodes. We joined forces with the Free Software Foundation, Freedom of the Press Foundation, and the Tor Project, ultimately <a href="https://www.eff.org/deeplinks/2014/09/tor-challenge-inspires-1635-tor-relays">inspiring the creation of more than 1,600 new relays</a> over a period of three months.</p>
<p>We extend our thanks and congratulations to the individuals behind the 567 relays still active more than a year after the Tor Challenge’s conclusion.</p>
<p><img src="/files/2015/10/09/torchallenge-1.png" alt="tor challenge graph" height="405" width="650" /></p>
<p>As promised, we’re celebrating these privacy guardians with limited-edition t-shirts and stickers. If you see someone sporting one of these, you can thank them for helping to protect privacy on the Internet:</p>
<p><img src="/files/2015/10/09/torchallenge-shirts.jpg" alt="tor challenge shirts" height="432" width="650" /></p>
<p>And here are the stickers that folks who still have Tor nodes up will be receiving:</p>
<p><img src="/files/2015/10/09/tor_challenge_stickers1.jpg" alt="stickers" height="433" width="650" /></p>
<p>Inspired to use the Tor network? You can download and install the Tor Browser Bundle, which includes the Tor browser itself and the software needed to run it, through our handy <a href="https://ssd.eff.org/en/module/how-use-tor-mac-os-x">Surveillance Self-Defense</a> guide. The guide also has plenty of other useful information on protecting your data, secure deletion, safely attending protests, and more. Even if you’re not worried about anonymizing your own online activity, you can <a href="https://www.torproject.org/docs/tor-doc-relay.html.en">still set up your own Tor relay</a> to make everyone on the network<span>—</span><span>including some of the Internet’s most vulnerable users</span><span>—</span><span>a little safer.</span></p>
</div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=One%20Year%20Later%2C%20Hundreds%20of%20Tor%20Challenge%20Relays%20Still%20Active&amp;url=https%3A//www.eff.org/deeplinks/2015/10/hundreds-tor-challenge-relays-still-active&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=One%20Year%20Later%2C%20Hundreds%20of%20Tor%20Challenge%20Relays%20Still%20Active&amp;u=https%3A//www.eff.org/deeplinks/2015/10/hundreds-tor-challenge-relays-still-active" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2015/10/hundreds-tor-challenge-relays-still-active" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=One%20Year%20Later%2C%20Hundreds%20of%20Tor%20Challenge%20Relays%20Still%20Active&amp;url=https%3A//www.eff.org/deeplinks/2015/10/hundreds-tor-challenge-relays-still-active" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Mon, 12 Oct 2015 19:47:22 +0000Annelyse Gelman88246 at https://www.eff.orgPrivacyGlobal Coalition to Facebook: 'Authentic Names' Are Authentically Dangerous for Your Usershttps://www.eff.org/deeplinks/2015/10/global-coalition-facebook-authentic-names-are-authentically-dangerous-your-users
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>Facebook <a href="https://www.facebook.com/help/112146705538576">claims</a> its practice of forcing users to go by their "real names" (or "authentic identities" as Facebook spins it) makes the social network a safer place. In fact, the company has often claimed that the policy protects women who use the social media platform, even when faced with community advocates pointing out that the policy facilitates harassment, silencing, and even physical violence towards its most vulnerable users. EFF has been among the voices telling Facebook that its real name policy is in serious <a href="https://www.eff.org/deeplinks/2014/10/dear-facebook-sorry-start-now-lets-see-solutions">need of revisiting</a>, and we’ve heard from users across the world that they’ve been <a href="https://www.eff.org/deeplinks/2015/02/facebooks-name-policy-strikes-again-time-native-americanshttps://www.eff.org/deeplinks/2015/02/facebooks-name-policy-strikes-again-time-native-americans">kicked off the site</a> unfairly.</p>
<blockquote><p>It’s time for Facebook to provide equal treatment and protection for all who use and depend on Facebook as a central platform for online expression and communication.</p></blockquote>
<p>That’s the message 75 human rights, digital rights, LGBTQ, and women’s rights advocates have for Facebook. We’ve joined a broad global coalition to <a href="https://www.eff.org/document/open-letter-facebook-about-its-real-names-policy">send a letter</a> to Facebook explaining exactly why the policy is broken, and how Facebook can mitigate the damage it causes. We’re looking forward to seeing Facebook’s response.</p>
<p></p><center class="image-right eff_digital_voices-take_action"><a href="https://act.eff.org/action/dear-facebook-authentic-names-are-authentically-dangerous-for-your-users"><img src="https://www.eff.org/files/2015/07/22/action-button-2015.png" /></a></center>
<p><b>Our Demands</b></p>
<p>The Nameless Coalition<a class="see-footnote" id="footnoteref1_2ii2gh9" title="The Nameless Coalition includes Access, ACLU of California, EFF, Center for Democracy and Technology, Digital Rights Foundation, Pakistan, ForABetterFB, Global Voices, Human Rights Watch, the Internet Democracy Project, One World Platform, Point of View India, and Take Back the Tech. Please note that this was updated 10/7 to reflect that DRF is part of the Coalition. " href="#footnote1_2ii2gh9">1</a>, which drafted the letter, “believe[s] Facebook should get rid of its real names policy altogether,” especially considering that it <a href="http://www.reuters.com/article/2015/07/28/us-facebook-germany-pseudonyms-idUSKCN0Q21U620150728">clearly violates</a> European <a href="https://www.eff.org/deeplinks/2015/02/new-report-shows-european-data-protection-authorities-are-taking-facebooks">data protection laws</a>. In the meantime, we wanted to create demands that would “support the dignity, safety, and expressive rights of all users,” including those outside of the US and Western Europe, where users are less likely to get native language proficiency and cultural competency from Facebook, and may not have regular internet access. Our demands, which we ask Facebook to respond to by October 31, are:</p>
<blockquote><ul><li>Commit to allowing pseudonyms and non-legal names on its site in appropriate circumstances, including but not limited to situations where using an every day name would put a user in danger, or situations where local law requires the ability to use pseudonyms. </li>
</ul><ul><li>Require users filing real name policy abuse reports to support their claims with evidence. This could come in written form, multiple-choice questions, or some alternative documentation.</li>
</ul><ul><li>Create a compliance process through which users can confirm their identities without submitting government ID. This could include allowing users to submit written evidence, answer multiple-choice questions, or provide alternative documentation such as links to blog posts or other online platforms where they use the same identity.</li>
</ul><ul><li>Give users technical details and documentation on the process of submitting identity information such as where and how it is stored, for how long, and who can access it. Provide users with the ability to submit this information using PGP or another common form of encrypted communication, so they may protect their identity information during the submission process.</li>
</ul><ul><li>Provide a robust appeals process for users locked out of their accounts. This could include the ability to request a second review, to submit different types of evidence, and to speak to a real Facebook employee, especially in cases involving safety. </li>
</ul></blockquote>
<p><b>The policy now </b></p>
<blockquote><p>Under Facebook’s current policies, users create profiles using the names they use “in real life. When a user first creates a profile, Facebook does not require proof of identity.</p>
<p>Any user can easily file reports with Facebook claiming that a fellow user is violating this policy, and has no obligation to submit evidence supporting their claim. Any user can file as many reports as they wish, as quickly as they wish, allowing targeted reporting sprees. This has led to unfair application of the policy, and provides people who wish harm upon communities like ours with a dangerous and effective tool. One abuse report can silence a user indefinitely—and has.</p></blockquote>
<p>Once a user has been placed in “enforcement” due to a report, they are forced to submit ID or lose access to their account. While some users are given time to comply, we’re still receiving reports that some are kicked off the site immediately. While Facebook’s much-lauded <a href="https://www.facebook.com/chris.cox/posts/10101301777354543">announcement</a> that it was <a href="https://www.eff.org/deeplinks/2014/10/dear-facebook-sorry-start-now-lets-see-solutions">modifying its policy</a> did expand the way users can comply, as we point out in the letter:</p>
<blockquote><p>[T]he types of ID that Facebook asks for in the “report abuse” process, whether issued by a government or private entity, do not necessarily feature a person’s nickname or “real life” name—especially for transgender people and others who modify their names to protect themselves from harm. ID from a private institution is also often linked to a person’s legal identity and government-issued identification number.</p>
<p> This process can put users who use a name other than their legal name for safety or privacy purposes in real danger. In some cases Facebook has reinstated accounts with the legal name of users who have submitted government-issued ID in accordance with Facebook’s policies, exposing them to abusive former partners, politically-motivated attacks, and threats of real-life violence.</p></blockquote>
<p> In an <a href="https://www.eff.org/document/appendix-october-5-2015-coalition-letter-facebook">appendix </a>to the letter, we provide a disturbing sample of personal stories (including some from signatories to the letter) that demonstrate exactly how these harms happen.</p>
<p><b>How Facebook’s policy fails users</b></p>
<p>There’s no doubt that reporting can—and has been—used to silence users. Facebook <a href="http://jilliancyork.com/2010/04/08/on-facebook-deactivations/">groups have been created</a> specifically for the purpose of reporting accounts, and in Vietnam government supporters have organized <a href="http://www.theverge.com/2014/9/2/6083647/facebook-s-report-abuse-button-has-become-a-tool-of-global-oppression">reporting sprees</a> against political activists. Feminist activists from India recently faced a focused reporting attack specifically aimed at <a href="https://advox.globalvoices.org/2015/08/06/we-will-choke-you-how-indian-women-face-fatal-threats-on-facebook-while-trolls-roam-free/">silencing their voices</a> on the social media giant—a problem compounded by Facebook’s continued failure to provide culturally competent support staff.</p>
<p>The policy has also been used to push out <a href="https://www.eff.org/deeplinks/2015/02/facebooks-name-policy-strikes-again-time-native-americans">Native Americans</a>, people using <a href="http://irishpost.co.uk/what-is-facebooks-problem-with-irish-names/">traditional Irish and Scottish names</a>, <a href="https://www.washingtonpost.com/news/acts-of-faith/wp/2015/08/27/facebook-wouldnt-let-a-catholic-priest-use-the-title-father-now-hes-fighting-back/">Catholic clergy</a>, <a href="http://thinkprogress.org/lgbt/2015/07/03/3676827/facebook-transgender-real-name-policy/">transgender people</a>, <a href="http://www.dailydot.com/lifestyle/facebook-demands-drag-queens-change-names/">drag queens,</a> and <a href="http://www.sfweekly.com/sanfrancisco/whore-next-door-facebook-sex-work-drag-queens/Content?oid=3226693">sexworkers</a>. LGBTQ users <a href="http://www.dailydot.com/technology/facebook-real-name-policy-ethiopian-lgbt-activist/">outside the US</a> have been kicked off due to the policy. Even <a href="https://medium.com/@zip/my-name-is-only-real-enough-to-work-at-facebook-not-to-use-on-the-site-c37daf3f4b03">Facebook employees</a> have been kicked off the platform, and the policy has placed <a href="http://www.thedailybeast.com/articles/2015/05/20/how-facebook-exposes-domestic-violence-survivors.html.">domestic violence survivors</a> and targets of harassment in danger by restoring suspended accounts with legal names, allowing their attackers to find them. For even more detailed stories, check out the <a href="https://www.eff.org/document/appendix-october-5-2015-coalition-letter-facebook">appendix</a> to our letter to Facebook. </p>
<p><b>Join us</b></p>
<p>In addition to our coalition letter to Facebook, we’ve created an <a href="https://act.eff.org/action/dear-facebook-authentic-names-are-authentically-dangerous-for-your-users">open petition</a> to Facebook in support of our demands. <a href="https://act.eff.org/action/dear-facebook-authentic-names-are-authentically-dangerous-for-your-users">Sign on</a>, and we’ll deliver the signatures on October 30<sup>th</sup>, in advance of the deadline for a response from Facebook. With your help, we can make sure Facebook is truly a safe and accessible place for those who truly make it a rich community: women and girls, human rights activists, LGBTQ people, domestic violence survivors, targets of harassment, and more.</p>
<p><b>The bottom line: we won’t stop advocating</b></p>
<blockquote><p>We look forward to working with Facebook to develop concrete and meaningful changes to its name policy and would welcome the opportunity to participate in strengthening these policies to ensure the rights and free speech of all Facebook users. But we are also dealing with communities that have had their ability to communicate with each other decimated by this policy…<strong>Our communities recognize the common injury this policy currently inflicts and we will not stop advocating until fundamental changes are made</strong>.</p></blockquote>
<p> </p>
<p> </p>
<div><br clear="all" /></div>
<ul class="footnotes"><li class="footnote" id="footnote1_2ii2gh9"><a class="footnote-label" href="#footnoteref1_2ii2gh9">1.</a> The Nameless Coalition includes Access, ACLU of California, EFF, Center for Democracy and Technology, Digital Rights Foundation, Pakistan, ForABetterFB, Global Voices, Human Rights Watch, the Internet Democracy Project, One World Platform, Point of View India, and Take Back the Tech. Please note that this was updated 10/7 to reflect that DRF is part of the Coalition. </li>
</ul></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Global%20Coalition%20to%20Facebook%3A%20%27Authentic%20Names%27%20Are%20Authentically%20Dangerous%20for%20Your%20Users&amp;url=https%3A//www.eff.org/deeplinks/2015/10/global-coalition-facebook-authentic-names-are-authentically-dangerous-your-users&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Global%20Coalition%20to%20Facebook%3A%20%27Authentic%20Names%27%20Are%20Authentically%20Dangerous%20for%20Your%20Users&amp;u=https%3A//www.eff.org/deeplinks/2015/10/global-coalition-facebook-authentic-names-are-authentically-dangerous-your-users" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2015/10/global-coalition-facebook-authentic-names-are-authentically-dangerous-your-users" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Global%20Coalition%20to%20Facebook%3A%20%27Authentic%20Names%27%20Are%20Authentically%20Dangerous%20for%20Your%20Users&amp;url=https%3A//www.eff.org/deeplinks/2015/10/global-coalition-facebook-authentic-names-are-authentically-dangerous-your-users" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Mon, 05 Oct 2015 15:35:01 +0000Dia Kayyali88137 at https://www.eff.orgCall To ActionAnonymityPrivacyUpdate on First Unitarian Church v. NSA: EFF's First Amendment Challenge to NSA Spyinghttps://www.eff.org/deeplinks/2015/09/update-eff-case-arguing-nsa-spying-violated-groups-first-amendment-rights
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p class="MsoNormal">EFF has long believed that the First Amendment is as important to thinking about the NSA's spying as the Fourth Amendment. When the government can track to whom you talk, when and for how long, like it did with the telephone records collection under section 215 of the Patriot Act, it knows with whom you associate. When it tracks who talks to politically active organizations, it scares people out of participating in the political and social issues of the day. </p>
<p class="MsoNormal">So what's the status of our flagship case raising those First Amendment concerns, <a href="https://www.eff.org/cases/first-unitarian-church-los-angeles-v-nsa"><i>First Unitarian Church of Los Angeles v. NSA</i></a>? How does the passage of the USA Freedom Act change what could happen to that case? We thought it was time for a short update. </p>
<p class="MsoNormal"><strong>Refresher on the <em>First Unitarian Church</em> Case</strong></p>
<p class="MsoNormal"><i>First Unitarian Church</i> is one of several cases brought by EFF and others challenging the constitutionality of the NSA’s call records program, conducted by the federal government under the purported authority of the USA Patriot Act.<span> </span>Those other cases, including <a href="https://www.eff.org/cases/smith-v-obama"><i>Smith v. Obama</i></a>, <a href="https://www.eff.org/cases/klayman-v-obama"><i>Klayman v. Obama</i></a>, and <a href="https://www.eff.org/cases/aclu-v-clapper"><i>ACLU v. Clapper</i></a>, primarily advance as constitutional arguments that the NSA program violates the Fourth Amendment’s guarantee against search and unreasonable seizure. ACLU v. Clapper also had a statutory claim, which was the basis for their win in the Second Circuit in June.</p>
<p class="MsoNormal">In <i>First Unitarian Church</i>, EFF represents 24 diverse organizations whose claims center on the fact that the NSA’s mass telephone records program also violates their First Amendment rights of freedom of speech and association. It's based on the seminal case of <a href="https://supreme.justia.com/cases/federal/us/357/449/case.html"><i>NAACP v. Alabama</i></a>, where the Supreme Court prohibited Alabama from obtaining NAACP membership records, recognizing that to do so would infringe on the First Amendment rights of the NAACP and it members to associate anonymously. The NSA’s mass collection of phone records, similarly reveals who associates with EFF's clients, groups such as the <a href="https://www.cair.com/">Council on American Islamic Relations</a>, <a href="https://ssdp.org/">Students for Sensible Drug Policy</a>, and <a href="https://www.calguns.net/">Calguns</a>, a California gun owners association. EFF <a href="https://www.eff.org/deeplinks/2014/01/deep-dive-first-unitarian-church-v-nsa-why-freedom-association-matters">previously detailed</a> this claim, and we backed it up with well-documented evidence showing that the call records program discouraged individuals from associating with our clients, and vice-versa, thereby frustrating their missions. EFF knows that <a href="https://www.eff.org/deeplinks/2014/06/eff-statement-todays-article-intercept">one of our clients was targeted</a> for its political activity in a flagrant violation of the First Amendment. Further, the government’s <a href="https://www.eff.org/files/2014/01/23/final_report_1-23-14.pdf">own review</a> of the NSA program backed up our clients' claims, finding that it infringed people’s First Amendment rights.</p>
<p class="MsoNormal">Importantly, our case seeks a remedy for past violations of the law as well as an order preventing future violations.</p>
<p><strong>What's Going on Now and Is the Case Going to be Moot Soon?</strong></p>
<p>First, the evidence keeps on coming. Last week, we filed formal <a href="https://www.eff.org/deeplinks/2015/09/eff-filings-show-phone-companies-participation-nsa-spying-no-state-secret">evidence in court</a> confirming what everyone already knows: that Verizon, Verizon Wireless, Sprint, and AT&amp;T participated in the NSA’s mass telephone records program along with Verizon Business which was the subject of the first Snowden revelation. This was needed because the government claims it has not acknowledged which carriers participated, and therefore our case has to be dismissed because our clients cannot demonstrate they were harmed. </p>
<p>Otherwise, <em>First Unitarian Church</em> has sadly been stalled in the District Court. We have a fully briefed summary judgment motion on the First Amendment and the government cross-moved to dismiss the case. But we have been waiting for a hearing date since 2013. We've made several attempts to get one scheduled only to be denied by the court.</p>
<p class="MsoNormal">In the meantime, of course, Congress passed <a href="https://www.eff.org/deeplinks/2015/05/usa-freedom-act-passes-what-we-celebrate-what-we-mourn-and-where-we-go-here">the USA FREEDOM Act.</a> The new law gives the government until the end of November to end its telephone records program in its current form, replacing it with one where the records rest with the companies and are sought via a "specific selection term," a phrase that isn't very well defined in the law, making us and many others nervous that the new spying will be nearly as broad as the old spying. Courts in other cases, including <em>Klayman</em> and <em>ACLU</em>, have asked if the new law addresses the various plaintiffs' complaints about the call records program, thus rendering those cases over, or what the law calls "moot," since the specific program being challenged has ended. Since those cases only seek to end the telephone records program, and haven't demanded past damages in a way that the law allows (what lawyers call a "perfected" request), has Congress effectively ended those cases as of November? We'll see how the courts handle that question soon.</p>
<p class="MsoNormal">But even if the ongoing record collection is over, the question of a remedy for the American people for the government's unlawful collection of telephone records for the past 13 years has not been mooted in <em>First Unitarian</em>. We don't think the government should get a free pass just because Congress finally stepped in to stop the mass collection, and we look forward to seeking full accountability from the court.</p>
</div></div></div><div class="field field-name-field-related-cases field-type-node-reference field-label-above"><div class="field-label">Related Cases:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/cases/smith-v-obama">Smith v. Obama</a></div><div class="field-item odd"><a href="/cases/jewel">Jewel v. NSA</a></div><div class="field-item even"><a href="/cases/first-unitarian-church-los-angeles-v-nsa">First Unitarian Church of Los Angeles v. NSA</a></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Update%20on%20First%20Unitarian%20Church%20v.%20NSA%3A%20EFF%27s%20First%20Amendment%20Challenge%20to%20NSA%20Spying&amp;url=https%3A//www.eff.org/deeplinks/2015/09/update-eff-case-arguing-nsa-spying-violated-groups-first-amendment-rights&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Update%20on%20First%20Unitarian%20Church%20v.%20NSA%3A%20EFF%27s%20First%20Amendment%20Challenge%20to%20NSA%20Spying&amp;u=https%3A//www.eff.org/deeplinks/2015/09/update-eff-case-arguing-nsa-spying-violated-groups-first-amendment-rights" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2015/09/update-eff-case-arguing-nsa-spying-violated-groups-first-amendment-rights" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Update%20on%20First%20Unitarian%20Church%20v.%20NSA%3A%20EFF%27s%20First%20Amendment%20Challenge%20to%20NSA%20Spying&amp;url=https%3A//www.eff.org/deeplinks/2015/09/update-eff-case-arguing-nsa-spying-violated-groups-first-amendment-rights" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Fri, 18 Sep 2015 21:45:59 +0000Aaron Mackey87845 at https://www.eff.orgLegal AnalysisAnonymityNSA SpyingPowerful Coalition Letter Highlights Danger of ICANN’s New Domain Registration Proposal https://www.eff.org/deeplinks/2015/07/powerful-coalition-letter-highlights-danger-icanns-new-domain-registration
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>EFF has joined 46 organizations and 105 individuals to oppose a new domain registration <a href="https://gnso.icann.org/en/issues/raa/ppsai-initial-05may15-en.pdf">proposal</a> in front of the Internet Corporation for Assignment of Names and Numbers (ICANN). From Academy Award-winning documentary film director <a href="http://www.praxisfilms.org/">Laura Poitras</a> to the <a href="http://www.womensorganizations.org/">National Council of Women's Organizations</a> to <a href="http://chaynpakistan.org/">Chayn</a>, an organization that works to combat domestic violence in Pakistan, the vast array of organizations and individuals signed on to this letter reflects just how <a href="https://www.eff.org/deeplinks/2015/06/changes-domain-name-rules-place-user-privacy-jeopardy">misguided this proposal</a> is. We hope ICANN will reject the flawed proposal, which comes from a smaller ICANN Working Group, especially in light of this unified opposition.</p>
<p>ICANN is the nonprofit corporation that oversees the global domain name system, and it sets the policies that govern domain name registrar companies. Every domain name has an entry in the public <a href="https://en.wikipedia.org/wiki/WHOIS">WHOIS</a> database that anyone can view, and it includes, at the least, a name, mailing address, and phone number.</p>
<p>Domain registrants have long been able to use domain <a href="https://en.wikipedia.org/wiki/Domain_privacy">privacy services</a>, sometimes called proxy registration. When using a privacy service, the service’s own contact information appears in the WHOIS database instead of the domain owner’s. The Working Group’s new proposal would require privacy services to turn over the domain registrant’s private contact information or even list that information in the public database, based on a mere accusation of copyright or trademark infringement—no court order required.</p>
<p>Even worse, a few members of the Working Group would like ICANN to ban privacy services entirely for websites that are used for a “commercial purpose”—which is broadly defined and includes “handling online financial transactions for commercial purpose.”</p>
<p>As the <a href="https://www.eff.org/document/july-2015-letter-icann">coalition letter</a> points out, this proposal threatens a wide range of people who have good reason to want to keep their information private:</p>
<blockquote><ul><li>women indie game developers who sell products through their own online stores</li>
<li>freelance journalists and authors who market their work online</li>
<li>small business owners who run stores or businesses from their homes</li>
<li>activists who take donations to fund their work, especially those living under totalitarian regimes</li>
<li>people who share personal stories online to crowdfund medical procedures</li>
</ul></blockquote>
<p>Even without the ban on privacy for “commercial” websites, the proposal creates serious privacy problems for website owners. Accusations of <a href="https://www.eff.org/issues/intellectual-property">copyright and trademark infringement</a> are easy to make and <a href="https://www.eff.org/wp/unintended-consequences-16-years-under-dmca">easy to abuse</a>, and the working group proposal doesn’t impose any consequences for false or abusive accusations.</p>
<p>The danger posed by having a home address made public is <a href="http://www.wired.com/2015/07/unassuming-web-proposal-make-harassment-easier/">serious</a>:</p>
<blockquote><p>"Doxing" is the malicious practice of obtaining someone's personal information (e.g. home address, phone number, etc) and making that information more readily and widely available. Doxing makes possible a wide range of crowdsourced harassment and intimidation, which includes everything from unwanted pizza deliveries to unrelenting barrages of rape and death threats.</p></blockquote>
<p>And as Katherine Cross, a sociologist specializing in research on online harassment and gender in virtual worlds <a href="http://feministing.com/2015/07/02/icannt-even-new-internet-standards-could-make-doxing-easier-than-ever/">points out</a>, “A WHOIS search is by no means the only way to dox someone, but we should be making it <i>harder</i> to acquire such information, not greasing the skids… Would-be doxers don’t need help from the Internet’s custodians.”</p>
<p>She’s absolutely right. Doxing and other forms of harassment that involve the use of someone’s home address <a href="https://www.eff.org/deeplinks/2015/01/facing-challenge-online-harassment">can be profoundly damaging</a> to the free speech and privacy rights of the people targeted—and these types of harassment are frequently used to intimidate and silence the most marginalized groups. Privacy isn’t a philosophical question. For some, it's a <a href="http://www.wired.com/2015/07/unassuming-web-proposal-make-harassment-easier/">matter of access</a> to the Internet, especially for those who need it most. That’s often women, minorities, and people with unpopular political views.</p>
<p>That’s why we’re excited to have such a broad coalition signed on to this letter. Digital rights groups like <a href="https://www.fightforthefuture.org/">Fight for the Future</a> and EFF have signed on alongside a plethora of anti-domestic violence advocacy and women’s rights organizations from around the world. Celebrities like Chris Kluwe, Ashley Judd and <a href="http://amandapalmer.net/home/">Amanda Palmer</a> have joined voices with Internet luminaries like Richard Stallman, president of the <a href="http://www.fsf.org/">Free Software Foundation</a>, and Harvard Professor <a href="http://futureoftheinternet.org/blog/">Jonathan Zittrain</a>. The signatories also include <a href="https://www.torproject.org/">the Tor Project </a>and <a href="https://wickr.com/">Wickr</a>, recognizing that real security and anonymity would be impossible for many should this proposal become policy.</p>
<p>Who <i>does</i> support this proposal? Certainly not everyone in ICANN, or even most of the Working Group. The Noncommercial Stakeholders Group, which is part of the Working Group, is fighting to keep strong privacy protections in the policy. And most of the Working Group opposes the idea of treating “commercial” domains differently. The Working Group’s report notes:</p>
<blockquote><p>The WG agrees that the status of a registrant as a commercial organization, non-commercial organization, or individual should not be the driving factor in whether [privacy and proxy] services are available to the registrant. Fundamentally, P/P services should remain available to registrants irrespective of their status as commercial or non-commercial organizations or as individuals.</p></blockquote>
<p>We agree. No special treatment of "commercial" domains is warranted. The Working Group should stay the course on rejecting that distinction.</p>
<p>In fact, as we’ve already pointed out, this proposal seems to be almost exclusively supported by the entertainment industry and major commercial brands, who say that they need to be able to discover the identities of website owners on request, without a court order, in order to enforce their trademarks and copyrights.</p>
<p>This isn’t necessary. Copyright and trademark infringement can be investigated using existing legal processes, like subpoenas, under a court’s supervision. While court oversight isn’t a perfect system in any country, it generally provides for notice to those whose privacy is threatened, a way for them to challenge a loss of privacy, and avenues of appeal. The working group proposal would give entertainment companies and commercial brands a cheaper and potentially faster way to get the identities of website owners, but those entities already have ample tools that are less prone to abuse.</p>
<p>You can read the whole letter and see the signatories <a href="https://www.eff.org/document/july-2015-letter-icann">here</a>. ICANN hasn’t made any decision on this proposal yet, so it’s important that they hear from lots of different people and organizations who may be affected. That’s why we’re proud to join this coalition letter, and that’s why you should submit your own comments to ICANN today, the last day of the public comment period. You can make yourself heard by signing the petition at <a href="https://www.savedomainprivacy.org/">https://www.savedomainprivacy.org/</a>. With your help, the proposal to create barriers to privacy, or even ban it altogether for some websites, won’t advance any further.</p>
<p>Ultimately, whether ICANN adopts this proposal comes down to a very simple question: what does ICANN care about more? The safety and security of vulnerable Internet users, or a little expediency for corporate trademark and copyright holders?</p>
</div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Powerful%20Coalition%20Letter%20Highlights%20Danger%20of%20ICANN%E2%80%99s%20New%20Domain%20Registration%20Proposal%20&amp;url=https%3A//www.eff.org/deeplinks/2015/07/powerful-coalition-letter-highlights-danger-icanns-new-domain-registration&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Powerful%20Coalition%20Letter%20Highlights%20Danger%20of%20ICANN%E2%80%99s%20New%20Domain%20Registration%20Proposal%20&amp;u=https%3A//www.eff.org/deeplinks/2015/07/powerful-coalition-letter-highlights-danger-icanns-new-domain-registration" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2015/07/powerful-coalition-letter-highlights-danger-icanns-new-domain-registration" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Powerful%20Coalition%20Letter%20Highlights%20Danger%20of%20ICANN%E2%80%99s%20New%20Domain%20Registration%20Proposal%20&amp;url=https%3A//www.eff.org/deeplinks/2015/07/powerful-coalition-letter-highlights-danger-icanns-new-domain-registration" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Tue, 07 Jul 2015 15:35:16 +0000Mitch Stoltz and Dia Kayyali86731 at https://www.eff.orgCopyright TrollsAnonymityInternationalICANNChanges to Domain Name Rules Place User Privacy in Jeopardyhttps://www.eff.org/deeplinks/2015/06/changes-domain-name-rules-place-user-privacy-jeopardy
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>TG Storytime is a free community website for transgender authors, operated by Joe Six-Pack, himself a transgender author and publisher. If you look up the registration details of Joe's domain tgstorytime.com using the WHOIS application, you get this result:</p>
<p><code>Registrant Name: Registration Private<br />
Registrant Organization: Domains By Proxy, LLC<br />
Registrant Street: DomainsByProxy.com<br />
Registrant Street: 14747 N Northsight Blvd Suite 111, PMB 309<br />
Registrant City: Scottsdale<br />
Registrant State/Province: Arizona<br />
Registrant Postal Code: 85260<br />
Registrant Country: United States<br />
Registrant Phone: +1.4806242599</code></p>
<p>Of course, these aren't Joe's actual contact details, since there are many reasons why Joe may not want those private details to be made freely available. Instead, Joe uses a proxy registration service that fulfils the rules of ICANN (the global domain name authority) that contact information be available for all domains, while keeping his actual details private. If anyone really needs to know Joe's physical address or telephone number, they can apply for a court order or subpoena requiring his privacy service to disclose them.</p>
<p>At least, that is how it works now. But <a href="https://gnso.icann.org/en/issues/raa/ppsai-initial-05may15-en.pdf">under a proposal</a> [PDF] currently being considered by ICANN, that may all change. It is proposed that domains used for commercial purposes might no longer be eligible to use proxy registration services. Is TG Storytime used for commercial purposes? Well, Joe currently covers the site's expenses, but also notes that “ads and donations may be used in the future to cover costs”, and sites that run ads have <a href="https://domainskate.com/google-adsense-operation-at-forefront-of-udrp-over-samsunghug-com-domain/">been judged as commercial</a> in domain name disputes. If a similar broad definition is adopted by ICANN, Joe might well be forced to give up his privacy if he begins to run ads on his site.</p>
<p>Joe is far from alone. <a href="https://forum.icann.org/lists/comments-ppsai-initial-05may15/threads.html">Thousands of responses</a> have already been received by ICANN on this topic from others who are concerned about how the proposed policy change will affect them. Amongst them is a message from one user who wrote:</p>
<blockquote><p>I'm a single female and live alone. I don't want my personal address available to every pervert/troll/angered citizen that wants it after visiting my small website. Seemingly innocent topics, like vegan cooking, can spark outrage in certain individuals.</p></blockquote>
<p>This change is being pushed by US entertainment companies, who <a href="https://www.eff.org/document/steve-metalitz-testimony-icann-0">told Congress</a> in March that privacy for domain registration should be allowed only in “limited circumstances.” These and other companies want new tools to discover the identities of website owners whom they want to accuse of copyright and trademark infringement, preferably without a court order. They don't need a new mechanism for this—subpoenas for discovery of the identities of website owners <a href="http://www.cyberslapp.org/documents/mcmannvdoememotoquash.pdf">do regularly issue</a> [PDF]. The limited value of this change is manifestly outweighed by the risks to website owners who will suffer a higher risk of harassment, intimidation and identity theft. The ability to speak anonymously protects people with unpopular or marginalized opinions, allowing them to speak and be heard without fear of harm. It also protects whistleblowers who expose crime, waste, and corruption. That's why EFF opposes the new proposal to roll back anonymity.</p>
<p>If you agree, there are many ways in which you can let ICANN know your views. Between now and July 7th, you can send your comments by email to <a href="mailto:comments-ppsai-initial-05may15@icann.org">comments-ppsai-initial-05may15@icann.org</a>. You can also support a <a href="http://www.savedomainprivacy.org/sign-the-petition/">petition</a> that a coalition of companies and concerned individuals have established at <a href="http://www.savedomainprivacy.org/">savedomainprivacy.org</a>, or use the <a href="https://www.respectourprivacy.com/">phone and email tool</a> of another coalition at <a href="https://www.respectourprivacy.com/">respectourprivacy.com</a>, both of which EFF supports.</p>
</div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Changes%20to%20Domain%20Name%20Rules%20Place%20User%20Privacy%20in%20Jeopardy&amp;url=https%3A//www.eff.org/deeplinks/2015/06/changes-domain-name-rules-place-user-privacy-jeopardy&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Changes%20to%20Domain%20Name%20Rules%20Place%20User%20Privacy%20in%20Jeopardy&amp;u=https%3A//www.eff.org/deeplinks/2015/06/changes-domain-name-rules-place-user-privacy-jeopardy" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2015/06/changes-domain-name-rules-place-user-privacy-jeopardy" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Changes%20to%20Domain%20Name%20Rules%20Place%20User%20Privacy%20in%20Jeopardy&amp;url=https%3A//www.eff.org/deeplinks/2015/06/changes-domain-name-rules-place-user-privacy-jeopardy" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Wed, 24 Jun 2015 02:00:46 +0000Jeremy Malcolm and Mitch Stoltz86472 at https://www.eff.orgCall To ActionCommentaryAnonymityInternationalICANNU.N. Special Rapporteur Calls Upon States to Protect Encryption and Anonymity Onlinehttps://www.eff.org/deeplinks/2015/06/un-special-rapporteur-calls-upon-states-protect-encryption-and-anonymity-online
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p dir="ltr">Last Thursday, David Kaye, the U.N's newest free speech watchdog, released a <a href="http://www.ohchr.org/EN/HRBodies/HRC/RegularSessions/Session29/Documents/A.HRC.29.32_AEV.doc">groundbreaking report</a> calling upon states to promote strong encryption and anonymity. Kaye assumed the <a href="http://www.ohchr.org/EN/Issues/FreedomOpinion/Pages/OpinionIndex.aspx">role of Special Rapporteur</a> for Freedom of Expression in August 2014, and this, his first report, will be presented at the <a href="http://www.ohchr.org/EN/HRBodies/HRC/RegularSessions/Session29/Pages/29RegularSession.aspx">29th regular session</a> of the United Nations Human Rights Council in Geneva mid-June.</p>
<p dir="ltr">His analysis comes at a key moment. The ability to communicate anonymously and to use encryption is more important than ever and the Rapporteur rightly notes that privacy is a gateway for freedom of opinion and expression, saying:</p>
<blockquote><p dir="ltr">“Encryption and anonymity, today’s leading vehicles for online security, provide individuals with a means to protect their privacy, empowering them to browse, read, develop and share opinions and information without interference and enabling journalists, civil society organizations, members of ethnic or religious groups, those persecuted because of their sexual orientation or gender identity, activists, scholars, artist and others to exercise the rights to freedom of expression and opinion.” </p>
</blockquote>
<p dir="ltr">We strongly agree.</p>
<p dir="ltr">Moreover, these critical tools are increasingly under attack by states around the world, with little understanding of the human rights consequences. We’ve learned from Edward Snowden about<a href="https://www.eff.org/files/2014/01/03/cryptowarsonepagers-1_cac.pdf"> the NSA’s long-standing</a> systematic effort to sabotage the encryption used by individuals and businesses around the world. At the same time, several governments are seeking new powers (or threatening) to force companies to provide government access to encrypted communications in their products or services (<a href="http://www.independent.co.uk/life-style/gadgets-and-tech/news/whatsapp-and-snapchat-could-be-banned-under-new-surveillance-plans-9973035.html">United Kingdom</a>, <a href="https://www.eff.org/deeplinks/2014/10/eff-response-fbi-director-comeys-speech-encryption">United States</a>).</p>
<p dir="ltr">Some states forbid anonymity in their constitutions (<a target="_blank" href="https://www.eff.org/deeplinks/2015/02/marco-civil-devil-detail">Brazil</a>, Venezuela); others have attempted to outlaw the use of pseudonyms (Vietnam), block the use of anonymity tools (<a target="_blank" href="https://globalvoicesonline.org/2015/02/25/belarus-bans-tor-and-other-anonymizers/">Belarus</a>), require mandatory registration for blogging (<a target="_blank" href="https://www.eff.org/files/2015/02/10/unanonymity-encryption-eff.pdf">Russia</a>), or compel SIM card and device registration. Yet more have proposed or have implemented compulsory data retention regimes that can strip anonymity from most users (<a target="_blank" href="https://www.eff.org/deeplinks/2014/12/pyrawebs-paraguayans-rise-against-mandatory-data-retention">Paraguay</a>, <a href="http://www.digitalrightslac.net/es/la-retencion-de-datos-en-colombia-una-de-las-mas-largas-del-mundo/">Colombia</a>, <a target="_blank" href="https://www.eff.org/deeplinks/2014/08/australia-and-mexico-must-overhaul-data-retention-mandates">Mexico</a>, <a target="_blank" href="http://www.cnet.com/au/news/mandatory-data-retention-laws-pass-parliament/">Australia</a>, and some <a target="_blank" href="https://edri.org/hungarian-data-retention-case-org-pi-and-scholars-file-amicus-briefs/">European countries</a>).</p>
<p dir="ltr">While anonymity and encryption have both been misrepresented solely as a tool for criminal behavior, the report helps clarify the broad range of essential functions encryption and anonymity play in a free and democratic society. The report emphasizes the role they play in a lesser noticed “right to hold opinions without interference,” noting that this right is absolute, unlike other rights that may be restricted by law or other power. The Rapporteur notes, rightly, that people hold their opinions digitally, saving their views and their search and browse histories, making the link between the absolutely right to hold opinions and the need to secure the media that hold them. Kaye also notes the other rights implicated by encryption and anonymity: </p>
<blockquote><p dir="ltr">“Encryption and anonymity, and the security concepts behind them, provide the privacy and security necessary for the exercise of the right to freedom of opinion and expression in the digital age. Such security may be essential for the exercise of other rights, including economic rights, privacy, due process, freedom of peaceful assembly and association, and the right to life and bodily integrity.”</p>
</blockquote>
<p dir="ltr">Kaye’s report recommends that member states:</p>
<ul><li dir="ltr">
<p dir="ltr">Promote strong encryption and anonymity. National laws should recognize that individuals are free to protect the privacy of their digital communications by using encryption technology and tools that allow anonymity online.</p>
</li>
</ul><ul><li dir="ltr">
<p dir="ltr">Include provisions (legislation and regulations) enabling access and support to use technologies to secure human rights defenders and journalist communications.</p>
</li>
</ul><ul><li dir="ltr">
<p dir="ltr">Prohibit restrictions on encryption and anonymity, which facilitate and often enable the rights to freedom of opinion and expression. Blanket prohibitions fail to be necessary and proportionate.</p>
</li>
</ul><ul><li dir="ltr">
<p dir="ltr">Avoid all measures that weaken the security that individuals may enjoy online, such as backdoors, weak encryption standards and key escrows. On backdoors he echoes the points raised by the security community noting that: “a backdoor, even if intended solely for government access, can be accessed by unauthorized entities, including other States or non-State actors. Given its widespread and indiscriminate impact, back-door access would affect, disproportionately, all online users.”</p>
</li>
</ul><ul><li dir="ltr">
<p dir="ltr">Refrain from making the identification of users a condition for access to digital communications and online services and requiring SIM card registration for mobile users.</p>
</li>
</ul><ul><li dir="ltr">
<p dir="ltr">Court-ordered decryption, subject to domestic and international law, may only be permissible when it results from transparent and publicly accessible laws applied solely on a targeted, case-by-case basis to individuals (i.e., not to a mass of people) and subject to judicial warrant and the protection of due process rights of individuals.</p>
</li>
</ul><p dir="ltr">Kaye also rejects data retention mandates, embraces the <a target="_blank" href="https://www.manilaprinciples.org">Manila Principles</a> on intermediary liability and the <a target="_blank" href="https://necessaryandproportionate.org/text">13 Necessary and Proportionate Principles</a> that EFF helped draft. The report also call upon companies to:</p>
<ul><li dir="ltr">
<p dir="ltr">Review their own corporate policies that restrict encryption and anonymity (including through the use of pseudonyms).</p>
</li>
</ul><p dir="ltr">This is a great list. With this powerful first report, Special Rapporteur David Kaye builds upon the legacy of Frank La Rue, the previous rapporteur whose work on the intersection between privacy and freedom of expression provided important context to the Snowden leaks in the international human rights community. We hope countries and companies will adopt Kayes’ recommendations, taking a stand for strong encryption and anonymous speech instead of constantly working to undermine them.</p>
</div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=U.N.%20Special%20Rapporteur%20Calls%20Upon%20States%20to%20Protect%20Encryption%20and%20Anonymity%20Online&amp;url=https%3A//www.eff.org/deeplinks/2015/06/un-special-rapporteur-calls-upon-states-protect-encryption-and-anonymity-online&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=U.N.%20Special%20Rapporteur%20Calls%20Upon%20States%20to%20Protect%20Encryption%20and%20Anonymity%20Online&amp;u=https%3A//www.eff.org/deeplinks/2015/06/un-special-rapporteur-calls-upon-states-protect-encryption-and-anonymity-online" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2015/06/un-special-rapporteur-calls-upon-states-protect-encryption-and-anonymity-online" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=U.N.%20Special%20Rapporteur%20Calls%20Upon%20States%20to%20Protect%20Encryption%20and%20Anonymity%20Online&amp;url=https%3A//www.eff.org/deeplinks/2015/06/un-special-rapporteur-calls-upon-states-protect-encryption-and-anonymity-online" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Fri, 05 Jun 2015 19:15:30 +0000Katitza Rodriguez86163 at https://www.eff.orgCommentaryAnonymityInternationalMandatory Data RetentionPrivacyFederal Anti-SLAPP Bill Introduced in the Househttps://www.eff.org/deeplinks/2015/05/federal-anti-slapp-bill-introduced-house
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p class="MsoNormal"><em>UPDATE: The House Judiciary Committee plans to hold a <a href="https://judiciary.house.gov/hearing/examining-h-r-2304-speak-free-act/">hearing</a> on June 22, 2016, on the SPEAK FREE Act. This comes a year after 33 organizations, including EFF, <a href="http://www.anti-slapp.org/wp-content/uploads/2015/06/SPEAKFREEAct-LetterofSupport_June15_FINAL.pdf">sent a letter in June 2015</a> to the House Judiciary Committee leadership urging them to move the SPEAK FREE Act as quickly as possible. Supporters of the bill are now seeking SLAPP victims to sign a letter to the House Judiciary Committee Chairman. If you have been a victim of a SLAPP, please consider <a href="https://docs.google.com/forms/d/18XJedzLbXP1A9aMFn1fW5GxSKR6pkTRPbhCL9lkh2ow/viewform?c=0&amp;w=1">sharing your story</a> and signing the letter. <br /></em></p>
<p class="MsoNormal">A <a href="https://farenthold.house.gov/news/documentsingle.aspx?DocumentID=398727">bipartisan group</a> of representatives, including <span>Reps. Blake Farenthold (R-TX) and Anna Eshoo (D-CA), recently introduced</span> the <a href="https://www.congress.gov/bill/114th-congress/house-bill/2304/text">SPEAK FREE Act of 2015</a> (H.R. 2304), a bill that would help protect victims of Strategic Lawsuits Against Public Participation, also known as SLAPPs.</p>
<p class="MsoNormal">Plaintiffs who bring SLAPPS are not primarily interested in winning the lawsuits. Instead, their goal is to <a href="http://www.casp.net/sued-for-freedom-of-speech-california/what-is-a-first-amendment-slapp/">harass, intimidate, and ultimately silence critics</a> through the drama, cost and time-consuming nature of litigation. Anti-SLAPP laws provide defendants with a procedural mechanism to quickly dismiss the case and, often, to obtain attorneys fees, thereby creating a disincentive for plaintiffs to file harassing lawsuits that target speech.</p>
<p class="MsoNormal">EFF has followed for a long time the problem of <a href="https://www.eff.org/issues/cyberslapp">SLAPPs in the online space</a>, including against speakers who wish to remain anonymous. There are <a href="http://www2.itif.org/2015-anti-slapp.pdf?_ga=1.124876803.84766906.1432071597">all kinds of SLAPPs</a> brought against <a href="http://www.anti-slapp.org/slapp-shots/">all kinds of defendants</a>. In one case, EFF defended the creator of the online comic <a href="https://www.eff.org/deeplinks/2012/07/case-federal-anti-slapp-statute">The Oatmeal</a> after he was sued for defamation for <span>criticizing the rival humor website FunnyJunk.</span></p>
<p class="MsoNormal"><span>The most significant aspect of the SPEAK FREE Act is the breadth of its applicability. The bill would authorize the transfer of cases originally brought in state court to federal court. This “removal” authority would be beneficial to defendants who are sued in state court in the </span><a href="http://www.anti-slapp.org/your-states-free-speech-protection/"><span>22 states</span></a><span> that do not have an anti-SLAPP law, as well as in states with weaker anti-SLAPP laws. Authorizing the removal of cases to federal court would be a powerful means of enabling SLAPP defendants to invoke the federal procedural defense created by the SPEAK FREE Act.</span></p>
<p class="MsoNormal"><span>A federal anti-SLAPP law would also significantly advance the free speech interests of defendants originally sued in federal court. A federal anti-SLAPP law is needed because state anti-SLAPP laws do not apply to cases in federal court based on <i>federal law</i>. For cases in federal court that include some or all <i>state law claims</i>, there is a split in precedent: the </span><a href="http://www.cadc.uscourts.gov/internet/opinions.nsf/5B050339AFB57A9D85257E3100552532/$file/13-7171-1549030.pdf"><span>DC Circuit</span></a><span>, for example, said that DC’s local anti-SLAPP law cannot be applied to cases in federal court that are based on state law; whereas, </span><a href="http://popehat.com/2015/04/28/lawsplainer-why-the-d-c-circuits-anti-slapp-ruling-is-important/"><span>other circuits</span></a><span> have said that state anti-SLAPP laws can be applied to state claims in federal court cases. A federal anti-SLAPP law would apply to all relevant cases filed in (or removed to) federal court.</span></p>
<p class="MsoNormal">Once a case is in federal court, the SPEAK FREE Act would allow a SLAPP defendant to quickly end the case by filing a special motion to dismiss. Importantly, <span>the bill would also provide protection for a SLAPP defendant who wishes to remain anonymous by authorizing the filing of a motion to quash a plaintiff’s request for the defendant’s personally identifying information (such a request is usually sent to an online service provider).</span></p>
<p class="MsoNormal">In the special motion to dismiss, the defendant would have to make “a <span>prima facie showing that the claim at issue arises from an oral or written statement or other expression by the defendant that was made in connection with an official proceeding or about a matter of public concern.”</span></p>
<p class="MsoNormal"><span>A “matter of public concern” is broadly defined as an issue related to health or safety; environmental, economic, or community well-being; the government; a public official or public figure; or a good, product, or service in the marketplace. The intent is to protect a wide variety of speakers, including online reviewers who find themselves as defendants in the typical modern SLAPP.</span></p>
<p class="MsoNormal"><span>In order to overcome the motion to dismiss and enable the case to move forward, the plaintiff would have to demonstrate that “the claim is likely to succeed on the merits.”</span></p>
<p class="MsoNormal"><span>The judge would be able to consider the “pleadings and affidavits stating the facts on which the liability or defense is based,” similar to the </span><a href="https://www.law.cornell.edu/rules/frcp/rule_56"><span>summary judgment</span></a><span> standard in federal court. The judge would also be permitted to order targeted discovery if needed to decide the motion to dismiss, but full discovery would be paused (“stayed”) during the consideration of the motion.</span></p>
<p class="MsoNormal"><span>If the defendant wins the special motion to dismiss, the judge would be required to dismiss the case with prejudice (the plaintiff cannot file the case again) and award the defendant reasonable attorneys fees, litigation costs, and expert witness fees. However, if the defendant loses the motion and the judge finds that it was “frivolous” or was “solely intended to cause unnecessary delay,” the judge would have to award reasonable attorneys fees, litigation costs, and expert witness fees to the plaintiff.</span></p>
<p class="MsoNormal"><span>The judge would be required to rule on the special motion to dismiss within 30 days of the motion being briefed or argued. The idea is to force a speedy resolution when a case implicates free speech interests. The party that loses the motion would be permitted to immediately appeal the decision.</span></p>
<p class="MsoNormal"><span>The bill includes some exceptions where a defendant would not be permitted to file a special motion to dismiss the case: when the plaintiff brings a claim in the public interest; when the plaintiff is the government in an enforcement action; and when the defendant is a business being sued for speech about its product or service or that of a competitor (such as false advertising).</span></p>
<p class="MsoNormal"><span>A federal anti-SLAPP law would be an important addition to existing constitutional and statutory law that protects free speech online, including the Supreme Court’s creation of the higher </span><a href="https://www.law.cornell.edu/supremecourt/text/376/254"><span>actual malice</span></a><span> standard under the First Amendment for allegations of defamation of public officials and public figures; courts’ application of the First Amendment to protect </span><a href="https://www.eff.org/deeplinks/2014/07/eff-asks-virginias-supreme-court-take-anonymous-speech-seriously"><span>anonymous speakers</span></a><span>; and </span><a href="https://www.eff.org/issues/bloggers/legal/liability/230"><span>Section 230</span></a><span>, which largely protects Internet intermediaries from being held liable for illegal content posted by their users.</span></p>
<p class="MsoNormal"><span>EFF applauds the bipartisan effort of the representatives who introduced the SPEAK FREE Act. We hope Congress will quickly act on this important legislation.</span><span></span></p>
<p class="MsoNormal"><i><span>Disclosure: I am on the board of directors of the </span></i><a href="http://www.anti-slapp.org/about/staff/"><i><span>Public Participation Project</span></i></a><i><span>, which advocates for a federal anti-SLAPP law.</span></i></p>
</div></div></div><div class="field field-name-field-related-cases field-type-node-reference field-label-above"><div class="field-label">Related Cases:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/cases/carreon-v-inman">Carreon v. Inman</a></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Federal%20Anti-SLAPP%20Bill%20Introduced%20in%20the%20House&amp;url=https%3A//www.eff.org/deeplinks/2015/05/federal-anti-slapp-bill-introduced-house&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Federal%20Anti-SLAPP%20Bill%20Introduced%20in%20the%20House&amp;u=https%3A//www.eff.org/deeplinks/2015/05/federal-anti-slapp-bill-introduced-house" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2015/05/federal-anti-slapp-bill-introduced-house" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Federal%20Anti-SLAPP%20Bill%20Introduced%20in%20the%20House&amp;url=https%3A//www.eff.org/deeplinks/2015/05/federal-anti-slapp-bill-introduced-house" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Fri, 22 May 2015 01:43:39 +0000Sophia Cope85987 at https://www.eff.orgLegislative AnalysisFree SpeechAnonymityCyberSLAPPData Retention Law Passes in Australia, but the Fight Isn’t Overhttps://www.eff.org/deeplinks/2015/04/data-retention-law-passes-australia-fight-isnt-over
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p class="MsoNormal">Mandatory data retention legislation is never a good idea, which is why EFF has vigorously opposed it in the <a href="https://www.eff.org/issues/mandatory-data-retention/us">United States</a>, where Congress tried and failed to pass it in 2009. That year, two ill-conceived bills would have required all Internet providers and operators of Wi-Fi access points to keep records on Internet users for at least two years to assist police investigations. Nevertheless, governments around the world, individually, and in concert, continue to argue that the stockpiling of the private, personal data of entire populations become a global norm. It's a constant battle, but one with some clear victories, most notably in the <a href="https://www.eff.org/issues/mandatory-data-retention/eu">European Union</a>, and most recently in <a href="https://www.eff.org/deeplinks/2014/12/pyrawebs-paraguayans-rise-against-mandatory-data-retention">Paraguay</a>. The latest setback in the global fight against data retention has been in Australia, which, despite widespread opposition from <a href="https://www.alliance.org.au/warrant-system-leaves-journalists-and-press-freedom-in-the-dark">journalists</a>, <a href="https://privacy.electronworkshop.com.au/">activists</a> and <a href="https://stopthespies.org/">the general public</a>, passed a comprehensive data retention bill this month.</p><p>What’s wrong with mandatory data retention? Most ISPs and telecommunications companies give subscribers an IP address that changes periodically. Mandatory data retention proposals force ISPs and telecommunications providers to keep records of their IP address allocations for a certain period of time. This allows law enforcement to ask ISPs and telecom providers to identify an individual on the basis of who had a given IP address at a particular date and time. Government mandated data retention impacts millions of ordinary users compromising online anonymity that is crucial for whistle-blowers, investigators, journalists, and those engaging in political speech. National data retention laws are invasive, costly, and damage the right to privacy and free expression. They compel ISPs and telecommunications companies to create large databases of information about who communicates with whom via Internet or phone, the duration of the exchange, and the users’ location. These regimes require that your IP address be collected and retained for every step you make online. Privacy risks increase as these databases become vulnerable to theft and accidental disclosure. Service providers must absorb the expense of storing and maintaining these large databases and often pass these costs on to consumers.</p><p>And why is the Australian data retention bill particularly bad? Let us count the ways. The Australian Parliament passed amendments to the Telecommunications (Interception and Access) Act 1979 requiring telecommunication service providers to retain for two years certain telecommunications metadata prescribed by regulations. Don’t be fooled by the argument that it’s “just metadata.” Even if the content of your communication is protected, metadata can be <a href="https://www.eff.org/deeplinks/2013/06/why-metadata-matters">extremely revealing</a>. In the United States, former Director of the National Security Agency Gen. Michael Hayden has gone on the record stating “We kill people based on metadata.” It’s also implementing a data collection regime that has been soundly discredited in the European Union’s courts.</p><p>Ars Technica’s Glyn Moody <a href="http://arstechnica.com/tech-policy/2015/03/australian-government-minister-dodge-new-data-retention-law-like-this/">writes</a>:</p><blockquote>The two-year retention period equals the maximum allowed under the EU's earlier Data Retention Directive that was <a href="http://arstechnica.com/tech-policy/2014/04/eu-high-court-strikes-down-metadata-collection-law/">struck down</a> last year by the Court of Justice of the European Union for being "a wide-ranging and particularly serious interference with the fundamental rights to respect for private life and to the protection of personal data."</blockquote><p>The Australian government was able to win this vote with the cooperation of the main opposition Labor party when they added a requirement to use special "journalist information warrants" for access to journalists’ metadata. Those protections are laughably weak. For example, the law uses a very narrow definition of what constitutes a journalist:</p><blockquote>A person who is working in a professional capacity as a journalist.</blockquote><!--[if gte mso 9]><xml>
<w:WordDocument>
<w:View>Normal</w:View>
<w:Zoom>0</w:Zoom>
<w:TrackMoves></w:TrackMoves>
<w:TrackFormatting></w:TrackFormatting>
<w:PunctuationKerning></w:PunctuationKerning>
<w:ValidateAgainstSchemas></w:ValidateAgainstSchemas>
<w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
<w:IgnoreMixedContent>false</w:IgnoreMixedContent>
<w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
<w:DoNotPromoteQF></w:DoNotPromoteQF>
<w:LidThemeOther>EN-US</w:LidThemeOther>
<w:LidThemeAsian>JA</w:LidThemeAsian>
<w:Compatibility>
<w:BreakWrappedTables></w:BreakWrappedTables>
<w:SnapToGridInCell></w:SnapToGridInCell>
<w:WrapTextWithPunct></w:WrapTextWithPunct>
<w:UseAsianBreakRules></w:UseAsianBreakRules>
<w:DontGrowAutofit></w:DontGrowAutofit>
<w:SplitPgBreakAndParaMark></w:SplitPgBreakAndParaMark>
<w:EnableOpenTypeKerning></w:EnableOpenTypeKerning>
<w:DontFlipMirrorIndents></w:DontFlipMirrorIndents>
<w:OverrideTableStyleHps></w:OverrideTableStyleHps>
<w:UseFELayout></w:UseFELayout>
</w:Compatibility>
<m:mathPr>
<m:mathFont m:val="Cambria Math"></m:mathFont>
<m:brkBin m:val="before"></m:brkBin>
<m:brkBinSub m:val="&#45;-"></m:brkBinSub>
<m:smallFrac m:val="off"></m:smallFrac>
<m:dispDef></m:dispDef>
<m:lMargin m:val="0"></m:lMargin>
<m:rMargin m:val="0"></m:rMargin>
<m:defJc m:val="centerGroup"></m:defJc>
<m:wrapIndent m:val="1440"></m:wrapIndent>
<m:intLim m:val="subSup"></m:intLim>
<m:naryLim m:val="undOvr"></m:naryLim>
</m:mathPr></w:WordDocument>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
DefSemiHidden="true" DefQFormat="false" DefPriority="99"
LatentStyleCount="276">
<w:LsdException Locked="false" Priority="0" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Normal"></w:LsdException>
<w:LsdException Locked="false" Priority="9" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="heading 1"></w:LsdException>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"></w:LsdException>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"></w:LsdException>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"></w:LsdException>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"></w:LsdException>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"></w:LsdException>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"></w:LsdException>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"></w:LsdException>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"></w:LsdException>
<w:LsdException Locked="false" Priority="39" Name="toc 1"></w:LsdException>
<w:LsdException Locked="false" Priority="39" Name="toc 2"></w:LsdException>
<w:LsdException Locked="false" Priority="39" Name="toc 3"></w:LsdException>
<w:LsdException Locked="false" Priority="39" Name="toc 4"></w:LsdException>
<w:LsdException Locked="false" Priority="39" Name="toc 5"></w:LsdException>
<w:LsdException Locked="false" Priority="39" Name="toc 6"></w:LsdException>
<w:LsdException Locked="false" Priority="39" Name="toc 7"></w:LsdException>
<w:LsdException Locked="false" Priority="39" Name="toc 8"></w:LsdException>
<w:LsdException Locked="false" Priority="39" Name="toc 9"></w:LsdException>
<w:LsdException Locked="false" Priority="35" QFormat="true" Name="caption"></w:LsdException>
<w:LsdException Locked="false" Priority="10" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Title"></w:LsdException>
<w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"></w:LsdException>
<w:LsdException Locked="false" Priority="11" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Subtitle"></w:LsdException>
<w:LsdException Locked="false" Priority="22" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Strong"></w:LsdException>
<w:LsdException Locked="false" Priority="20" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Emphasis"></w:LsdException>
<w:LsdException Locked="false" Priority="59" SemiHidden="false"
UnhideWhenUsed="false" Name="Table Grid"></w:LsdException>
<w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"></w:LsdException>
<w:LsdException Locked="false" Priority="1" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="No Spacing"></w:LsdException>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading"></w:LsdException>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List"></w:LsdException>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid"></w:LsdException>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1"></w:LsdException>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2"></w:LsdException>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1"></w:LsdException>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2"></w:LsdException>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1"></w:LsdException>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2"></w:LsdException>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3"></w:LsdException>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List"></w:LsdException>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading"></w:LsdException>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List"></w:LsdException>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid"></w:LsdException>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 1"></w:LsdException>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 1"></w:LsdException>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 1"></w:LsdException>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"></w:LsdException>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"></w:LsdException>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 1"></w:LsdException>
<w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"></w:LsdException>
<w:LsdException Locked="false" Priority="34" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"></w:LsdException>
<w:LsdException Locked="false" Priority="29" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Quote"></w:LsdException>
<w:LsdException Locked="false" Priority="30" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"></w:LsdException>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 1"></w:LsdException>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"></w:LsdException>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"></w:LsdException>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"></w:LsdException>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 1"></w:LsdException>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 1"></w:LsdException>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 1"></w:LsdException>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 1"></w:LsdException>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 2"></w:LsdException>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 2"></w:LsdException>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 2"></w:LsdException>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"></w:LsdException>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"></w:LsdException>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 2"></w:LsdException>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 2"></w:LsdException>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"></w:LsdException>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"></w:LsdException>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"></w:LsdException>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 2"></w:LsdException>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 2"></w:LsdException>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 2"></w:LsdException>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 2"></w:LsdException>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 3"></w:LsdException>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 3"></w:LsdException>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 3"></w:LsdException>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"></w:LsdException>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"></w:LsdException>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 3"></w:LsdException>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 3"></w:LsdException>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"></w:LsdException>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"></w:LsdException>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"></w:LsdException>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 3"></w:LsdException>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 3"></w:LsdException>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 3"></w:LsdException>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 3"></w:LsdException>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 4"></w:LsdException>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 4"></w:LsdException>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 4"></w:LsdException>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"></w:LsdException>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"></w:LsdException>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 4"></w:LsdException>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 4"></w:LsdException>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"></w:LsdException>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"></w:LsdException>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"></w:LsdException>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 4"></w:LsdException>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 4"></w:LsdException>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 4"></w:LsdException>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 4"></w:LsdException>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 5"></w:LsdException>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 5"></w:LsdException>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 5"></w:LsdException>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"></w:LsdException>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"></w:LsdException>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 5"></w:LsdException>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 5"></w:LsdException>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"></w:LsdException>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"></w:LsdException>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"></w:LsdException>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 5"></w:LsdException>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 5"></w:LsdException>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 5"></w:LsdException>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 5"></w:LsdException>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 6"></w:LsdException>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 6"></w:LsdException>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 6"></w:LsdException>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"></w:LsdException>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"></w:LsdException>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 6"></w:LsdException>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 6"></w:LsdException>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"></w:LsdException>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"></w:LsdException>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"></w:LsdException>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 6"></w:LsdException>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 6"></w:LsdException>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 6"></w:LsdException>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 6"></w:LsdException>
<w:LsdException Locked="false" Priority="19" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"></w:LsdException>
<w:LsdException Locked="false" Priority="21" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"></w:LsdException>
<w:LsdException Locked="false" Priority="31" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"></w:LsdException>
<w:LsdException Locked="false" Priority="32" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"></w:LsdException>
<w:LsdException Locked="false" Priority="33" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Book Title"></w:LsdException>
<w:LsdException Locked="false" Priority="37" Name="Bibliography"></w:LsdException>
<w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"></w:LsdException>
</w:LatentStyles>
</xml><![endif]--><p>What’s missing from this definition? Bloggers, lawyers, policy advisers, and any number of other people who may write things that are critical of the government. Additionally, the data retention law explicitly outlaws<span style="font-size: 13.0080003738403px; line-height: 1.538em;"> “</span><a href="https://www.schneier.com/blog/archives/2015/03/australia_outla.html" style="font-size: 13.0080003738403px; line-height: 1.538em;">warrant canaries</a>,” a novel strategy that some providers use to signal that they have not received a gag order, the theory being that if the signal is not renewed, that status has likely changed. <a href="https://canarywatch.org/" style="font-size: 13.0080003738403px; line-height: 1.538em;">Canary Watch</a> currently tracks the state of warrant canaries for dozens of companies, ranging from VPN providers to reddit.</p><!--EndFragment--><p>So where do we go from here? Even if mandatory data retention is the law of the land in Australia, that doesn’t mean the battle is over. It was the passing of the original EU data retention directive in 2006 that mobilized and fueled the growth of a new generation of digital rights groups across Europe, including Germany and Austria's AK Vorrat, the UK's Open Rights Group, and Digital Rights Ireland, whose lawsuit against the mandate led to its final repeal.</p><!--[if gte mso 9]><xml>
<w:WordDocument>
<w:View>Normal</w:View>
<w:Zoom>0</w:Zoom>
<w:TrackMoves></w:TrackMoves>
<w:TrackFormatting></w:TrackFormatting>
<w:PunctuationKerning></w:PunctuationKerning>
<w:ValidateAgainstSchemas></w:ValidateAgainstSchemas>
<w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
<w:IgnoreMixedContent>false</w:IgnoreMixedContent>
<w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
<w:DoNotPromoteQF></w:DoNotPromoteQF>
<w:LidThemeOther>EN-US</w:LidThemeOther>
<w:LidThemeAsian>JA</w:LidThemeAsian>
<w:Compatibility>
<w:BreakWrappedTables></w:BreakWrappedTables>
<w:SnapToGridInCell></w:SnapToGridInCell>
<w:WrapTextWithPunct></w:WrapTextWithPunct>
<w:UseAsianBreakRules></w:UseAsianBreakRules>
<w:DontGrowAutofit></w:DontGrowAutofit>
<w:SplitPgBreakAndParaMark></w:SplitPgBreakAndParaMark>
<w:EnableOpenTypeKerning></w:EnableOpenTypeKerning>
<w:DontFlipMirrorIndents></w:DontFlipMirrorIndents>
<w:OverrideTableStyleHps></w:OverrideTableStyleHps>
<w:UseFELayout></w:UseFELayout>
</w:Compatibility>
<m:mathPr>
<m:mathFont m:val="Cambria Math"></m:mathFont>
<m:brkBin m:val="before"></m:brkBin>
<m:brkBinSub m:val="&#45;-"></m:brkBinSub>
<m:smallFrac m:val="off"></m:smallFrac>
<m:dispDef></m:dispDef>
<m:lMargin m:val="0"></m:lMargin>
<m:rMargin m:val="0"></m:rMargin>
<m:defJc m:val="centerGroup"></m:defJc>
<m:wrapIndent m:val="1440"></m:wrapIndent>
<m:intLim m:val="subSup"></m:intLim>
<m:naryLim m:val="undOvr"></m:naryLim>
</m:mathPr></w:WordDocument>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
DefSemiHidden="true" DefQFormat="false" DefPriority="99"
LatentStyleCount="276">
<w:LsdException Locked="false" Priority="0" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Normal"></w:LsdException>
<w:LsdException Locked="false" Priority="9" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="heading 1"></w:LsdException>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"></w:LsdException>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"></w:LsdException>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"></w:LsdException>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"></w:LsdException>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"></w:LsdException>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"></w:LsdException>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"></w:LsdException>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"></w:LsdException>
<w:LsdException Locked="false" Priority="39" Name="toc 1"></w:LsdException>
<w:LsdException Locked="false" Priority="39" Name="toc 2"></w:LsdException>
<w:LsdException Locked="false" Priority="39" Name="toc 3"></w:LsdException>
<w:LsdException Locked="false" Priority="39" Name="toc 4"></w:LsdException>
<w:LsdException Locked="false" Priority="39" Name="toc 5"></w:LsdException>
<w:LsdException Locked="false" Priority="39" Name="toc 6"></w:LsdException>
<w:LsdException Locked="false" Priority="39" Name="toc 7"></w:LsdException>
<w:LsdException Locked="false" Priority="39" Name="toc 8"></w:LsdException>
<w:LsdException Locked="false" Priority="39" Name="toc 9"></w:LsdException>
<w:LsdException Locked="false" Priority="35" QFormat="true" Name="caption"></w:LsdException>
<w:LsdException Locked="false" Priority="10" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Title"></w:LsdException>
<w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"></w:LsdException>
<w:LsdException Locked="false" Priority="11" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Subtitle"></w:LsdException>
<w:LsdException Locked="false" Priority="22" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Strong"></w:LsdException>
<w:LsdException Locked="false" Priority="20" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Emphasis"></w:LsdException>
<w:LsdException Locked="false" Priority="59" SemiHidden="false"
UnhideWhenUsed="false" Name="Table Grid"></w:LsdException>
<w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"></w:LsdException>
<w:LsdException Locked="false" Priority="1" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="No Spacing"></w:LsdException>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading"></w:LsdException>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List"></w:LsdException>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid"></w:LsdException>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1"></w:LsdException>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2"></w:LsdException>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1"></w:LsdException>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2"></w:LsdException>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1"></w:LsdException>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2"></w:LsdException>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3"></w:LsdException>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List"></w:LsdException>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading"></w:LsdException>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List"></w:LsdException>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid"></w:LsdException>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 1"></w:LsdException>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 1"></w:LsdException>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 1"></w:LsdException>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"></w:LsdException>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"></w:LsdException>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 1"></w:LsdException>
<w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"></w:LsdException>
<w:LsdException Locked="false" Priority="34" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"></w:LsdException>
<w:LsdException Locked="false" Priority="29" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Quote"></w:LsdException>
<w:LsdException Locked="false" Priority="30" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"></w:LsdException>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 1"></w:LsdException>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"></w:LsdException>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"></w:LsdException>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"></w:LsdException>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 1"></w:LsdException>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 1"></w:LsdException>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 1"></w:LsdException>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 1"></w:LsdException>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 2"></w:LsdException>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 2"></w:LsdException>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 2"></w:LsdException>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"></w:LsdException>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"></w:LsdException>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 2"></w:LsdException>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 2"></w:LsdException>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"></w:LsdException>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"></w:LsdException>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"></w:LsdException>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 2"></w:LsdException>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 2"></w:LsdException>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 2"></w:LsdException>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 2"></w:LsdException>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 3"></w:LsdException>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 3"></w:LsdException>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 3"></w:LsdException>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"></w:LsdException>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"></w:LsdException>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 3"></w:LsdException>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 3"></w:LsdException>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"></w:LsdException>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"></w:LsdException>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"></w:LsdException>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 3"></w:LsdException>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 3"></w:LsdException>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 3"></w:LsdException>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 3"></w:LsdException>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 4"></w:LsdException>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 4"></w:LsdException>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 4"></w:LsdException>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"></w:LsdException>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"></w:LsdException>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 4"></w:LsdException>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 4"></w:LsdException>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"></w:LsdException>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"></w:LsdException>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"></w:LsdException>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 4"></w:LsdException>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 4"></w:LsdException>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 4"></w:LsdException>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 4"></w:LsdException>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 5"></w:LsdException>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 5"></w:LsdException>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 5"></w:LsdException>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"></w:LsdException>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"></w:LsdException>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 5"></w:LsdException>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 5"></w:LsdException>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"></w:LsdException>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"></w:LsdException>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"></w:LsdException>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 5"></w:LsdException>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 5"></w:LsdException>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 5"></w:LsdException>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 5"></w:LsdException>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 6"></w:LsdException>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 6"></w:LsdException>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 6"></w:LsdException>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"></w:LsdException>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"></w:LsdException>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 6"></w:LsdException>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 6"></w:LsdException>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"></w:LsdException>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"></w:LsdException>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"></w:LsdException>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 6"></w:LsdException>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 6"></w:LsdException>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 6"></w:LsdException>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 6"></w:LsdException>
<w:LsdException Locked="false" Priority="19" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"></w:LsdException>
<w:LsdException Locked="false" Priority="21" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"></w:LsdException>
<w:LsdException Locked="false" Priority="31" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"></w:LsdException>
<w:LsdException Locked="false" Priority="32" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"></w:LsdException>
<w:LsdException Locked="false" Priority="33" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Book Title"></w:LsdException>
<w:LsdException Locked="false" Priority="37" Name="Bibliography"></w:LsdException>
<w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"></w:LsdException>
</w:LatentStyles>
</xml><![endif]--><p>That fight took eight years; but it shows that overturning data retention is possible. The Australian Green Party’s Scott Ludlam, who has vigorously opposed the bill from its very conception immediately put out a statement vowing to fight: “Our work now turns to repealing this regime.” He also urged accountability for every MP that supports the regime, calling on Australians to <a href="http://scott-ludlam.greensmps.org.au/call-labor-senator-stop-data-retention" style="font-size: 13.0080003738403px; line-height: 1.538em;">contact Bill Shorten and his Labour colleagues</a> and tell them “you’re unhappy with their decision to surrender our digital rights and privacy.”</p><p>The legal and policy fight against data retention may take time. But Australians can take immediate steps to protect themselves from mandatory data retention for themselves as well as protecting those who are most vulnerable to illegitimate surveillance with technology.&nbsp;EFF’s <a href="https://ssd.eff.org/">Surveillance Self Defense</a> offers tips, tools, and how-tos for safer online communications, whether its protecting your metadata with a <a href="https://ssd.eff.org/en/module/choosing-vpn-thats-right-you">VPN</a> or <a href="https://ssd.eff.org/en/module/how-use-tor-windows">Tor</a> or choosing the <a href="https://ssd.eff.org/en/module/choosing-your-tools">appropriate secure communications tools</a> for your needs. The flimsy protections for a small subset of journalists in Australia's law will not be enough: everyone at risk from pervasive, long-term data collection will need to take steps to protect themselves.</p><!--[if gte mso 10]>
<style>
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";
mso-fareast-language:JA;}
</style>
<![endif]--><p>Australians cannot be alone in this fight. Every nation – from the United States, Europe to Paraguay – that rejects data retention, strengthens the arguments in favor of rejecting it globally. Every country that falls prey to data retention law, from Australia to Brazil, encourages other states to press for it in their own legislatures. It's a global fight, and one that will require solidarity and a global alliance against data retention to combat it.</p>
</div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Data%20Retention%20Law%20Passes%20in%20Australia%2C%20but%20the%20Fight%20Isn%E2%80%99t%20Over&amp;url=https%3A//www.eff.org/deeplinks/2015/04/data-retention-law-passes-australia-fight-isnt-over&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Data%20Retention%20Law%20Passes%20in%20Australia%2C%20but%20the%20Fight%20Isn%E2%80%99t%20Over&amp;u=https%3A//www.eff.org/deeplinks/2015/04/data-retention-law-passes-australia-fight-isnt-over" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2015/04/data-retention-law-passes-australia-fight-isnt-over" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Data%20Retention%20Law%20Passes%20in%20Australia%2C%20but%20the%20Fight%20Isn%E2%80%99t%20Over&amp;url=https%3A//www.eff.org/deeplinks/2015/04/data-retention-law-passes-australia-fight-isnt-over" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Tue, 07 Apr 2015 16:29:13 +0000Eva Galperin85369 at https://www.eff.orgCommentaryAnonymityInternationalFacebook Has Clarified its Policies. How About Fixing Them? https://www.eff.org/deeplinks/2015/03/facebook-has-clarified-its-policies-how-about-fixing-them
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p class="normal">Facebook recently updated its <a href="https://www.facebook.com/communitystandards">community standards</a>. As the company <a href="http://newsroom.fb.com/news/2015/03/explaining-our-community-standards-and-approach-to-government-requests/">noted</a> in the announcement accompanying the change, their “policies and standards themselves are not changing,” but that they wanted to provide more clarity to a set of existing rules that have often been misunderstood by users.</p>
<p class="normal">While some of the changes provide significantly more detail as to the reasoning behind certain content restrictions, others fall short. And unfortunately, the updated standards do very little to solve the continuing problem of account suspensions for “real names” violations. </p>
<p class="normal"><b>“Real Names”</b></p>
<p class="normal">Even <a href="http://www.cbc.ca/news/canada/sudbury/ontario-teen-isis-king-faces-bullying-facebook-ban-over-her-name-1.3005014">in the last week and a half</a> Facebook has <a href="http://www.huffingtonpost.com/domenick-scudera/wake-up-facebook-you-are_b_6876994.html?ncid=fcbklnkushpmg00000050">continued to suspend users</a> for violations of its “real names” policy, a policy which <a href="https://www.eff.org/deeplinks/2014/09/facebooks-real-name-policy-can-cause-real-world-harm-lgbtq-community">we’ve argued</a> causes real world harm. In the latest story to get publicity, a teen with the <a href="http://www.cbc.ca/news/canada/sudbury/ontario-teen-isis-king-faces-bullying-facebook-ban-over-her-name-1.3005014">legal name Isis King</a> had her account suspended by Facebook for a names policy violation—until a media inquiry. The latest update to the community standards won’t change the experience of users like Isis King, but it does clarify where Facebook stands.</p>
<p class="normal">Prior to the change, the standards <a href="https://web.archive.org/web/20150314010405/https://www.facebook.com/communitystandards">read</a>: “On Facebook people connect using their real names and identities.” Because Facebook asks for ID when handling appeals and blocks certain words from being entered in the “name” fields at account creation, most users have assumed that when Facebook says “real name,” the company really means “legal name.”</p>
<p class="normal">Following a spate of account takedowns last fall, however, Facebook’s Chief Product Officer, Chris Cox, posted a <a href="https://www.facebook.com/chris.cox/posts/10101301777354543">statement</a> in which he said: “our policy has never been to require everyone on Facebook to use their legal name.” Shortly thereafter, we <a href="https://www.eff.org/deeplinks/2015/02/facebooks-name-policy-strikes-again-time-native-americans">noted a shift</a> in the company’s language in notifications to users. A section on account security in the <a href="https://www.facebook.com/communitystandards">Community Standards</a> now reads, in part:</p>
<blockquote><p class="normal">Using Your Authentic Identity: How Facebook's real name requirement creates a safer environment.</p>
<p class="normal">People connect on Facebook using their authentic identities. When people stand behind their opinions and actions with their authentic name and reputation, our community is more accountable...</p>
</blockquote>
<p class="normal">Nevertheless, the company’s <a href="https://www.facebook.com/legal/terms">Statement of Responsibilities</a>—the legal text underpinning the Community Standards—still contains language referring to real names:</p>
<blockquote><p class="normal">Facebook users provide their real names and information, and we need your help to keep it that way.</p>
</blockquote>
<p class="normal">While we’re glad to see that Facebook is changing how it communicates this guideline to users, it’s a very small change in the face of the continuing reports that Facebook is suspending users’ accounts for name policy violations.</p>
<p class="normal"><b>Content policy</b></p>
<p class="normal">Facebook’s content policies—and how they are implemented—have often left users confused. For example, the company told us that images of mothers breastfeeding were never meant to be restricted, yet <a href="http://www.cnet.com/news/facebook-actually-sorry-for-banning-breastfeeding-pic/">numerous instances</a> of such photos being removed have led to a persistent belief that the company bans such images.</p>
<p class="normal">The latest iteration of the community standards is intended to provide additional clarity to users. As the <i>New York Times</i>’ Vindu Goel <a href="http://bits.blogs.nytimes.com/2015/03/16/facebook-explains-what-it-bans-and-why/">put it</a>, “[Despite] its published guidelines, the reasoning behind Facebook’s decisions to block or allow content are often opaque and inconsistent.”</p>
<p class="normal">In respect to some topics, Facebook has certainly met their goal. The section on sexual violence and exploitation, for example, lays out numerous examples of what the company deems unacceptable. A section on “attacks on public figures” clarifies that Facebook does not remove criticism of public figures...unless it constitutes hate speech, in which they treat the content as they would if the target were not famous.</p>
<p class="normal">Other sections leave more to be desired. While Facebook’s rules about “dangerous organizations” make clear that groups engaged in “terrorist” or “organized criminal” activity have no place on the platform, there is no additional clarity on how terrorist groups are defined, despite <a href="http://www.csmonitor.com/World/Middle-East/2014/0717/In-social-media-battle-IDF-uploads-while-Hamas-accounts-are-deleted">some evidence</a> that the definitions are underpinned by US law.</p>
<p class="normal"><b>Appeals</b></p>
<p class="normal">Content-hosting intermediaries like Facebook should provide robust appeals processes for users. Facebook’s head of global policy management, Monika Bickert, recently <a href="http://bits.blogs.nytimes.com/2015/03/16/facebook-explains-what-it-bans-and-why/">told the <em>New York </em></a><em><a href="http://bits.blogs.nytimes.com/2015/03/16/facebook-explains-what-it-bans-and-why/">Times:</a></em></p>
<blockquote><p class="normal">If a person’s account is suspended, those appeals are read by real people who can look into the specifics.</p>
</blockquote>
<p class="normal">Although Facebook <a href="https://jilliancyork.com/2011/07/19/facebook-appeals/">instituted an appeals process</a> in 2011, the process is only available for users whose Page or Profile has been removed; that is, there is no process for appealing when other content—such as photos, posts, or videos—are removed. Furthermore, the process is ambiguous and doesn’t seem to make much of a difference to users, many of whom have contacted us following account suspensions.</p>
<p class="normal">The <a href="https://www.facebook.com/help/contact/260749603972907">appeals</a><a href="https://www.facebook.com/help/contact/260749603972907"> form</a> itself is hard to find. It's accessible through the help center. But Facebook doesn’t seem to actually highlight it as an option in the endless screens users find themselves in when trying to verify their “authenticity.” Once users find themselves in that process, they are directed to update their name, instead of being sent to the appeal. When they click on the link Facebook provides to its help center during the name verification process, that link goes to lists of ID, not to the appeal.</p>
<p class="normal">In fact, the appeal isn’t available unless an account has been entirely disabled. Some users have had the experience of providing ID to Facebook with a legal name that didn’t match their real name, only to have Facebook put that legal name on the account. We’ve been contacted by users with abusive stalkers, users who have public-facing jobs that use their drag name, and others who’ve had this experience. Those users can’t access the appeals form once their account is erroneously restored.</p>
<p class="normal"></p>
<p><a href="/files/2015/03/23/id.required.appeal.png"> <img class="image-left" src="/files/2015/03/23/id.required.appeal.png" alt="Image of screenshot from Facebook saying ID required to submit appeal" width="339" height="448" /></a></p>
<p class="normal">Finally, in an impressive display of irony, the appeals form requires users to upload an ID. In other words, it requires users who are having issues with Facebook’s process of verifying identity (using an ID) to restore accounts to do exactly that— upload an ID, before even getting the chance to talk to someone. Considering that accounts have been restored with incorrect names in dangerous situations, users’ hesitancy to upload an ID just to file an appeal is understandable.</p>
<p class="normal">If Facebook cares about its users, it should make its appeals process easier to access and easier to use. It should allow appeals for <i>all </i>types of removed content, not just Profiles and Pages. And it certainly shouldn’t require ID as the first step.</p>
<p class="normal">While we think it’s good that Facebook decided to provide more clarity about its policies, it might be better served by improving those policies and ensuring that Facebook is an accessible, open platform for its millions of users worldwide.</p>
</div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Facebook%20Has%20Clarified%20its%20Policies.%20How%20About%20Fixing%20Them%3F%20&amp;url=https%3A//www.eff.org/deeplinks/2015/03/facebook-has-clarified-its-policies-how-about-fixing-them&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Facebook%20Has%20Clarified%20its%20Policies.%20How%20About%20Fixing%20Them%3F%20&amp;u=https%3A//www.eff.org/deeplinks/2015/03/facebook-has-clarified-its-policies-how-about-fixing-them" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2015/03/facebook-has-clarified-its-policies-how-about-fixing-them" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Facebook%20Has%20Clarified%20its%20Policies.%20How%20About%20Fixing%20Them%3F%20&amp;url=https%3A//www.eff.org/deeplinks/2015/03/facebook-has-clarified-its-policies-how-about-fixing-them" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Mon, 23 Mar 2015 22:35:54 +0000Jillian York and Dia Kayyali85154 at https://www.eff.orgFree SpeechAnonymityInternationalFloridians, Help Us Stop Your State From Outlawing Anonymous Websiteshttps://www.eff.org/florida-outlawing-anonymous-speech
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>Floridians, we need your help to stop a dangerous anti-anonymity bill. This week, the Florida state legislature is considering a <a title="Florida HB 271" href="http://myfloridahouse.gov/Sections/Bills/billsdetail.aspx?BillId=53294">bill</a> that would make it illegal to run any website or service anonymously, if the site fits a vague category of “disseminat[ing]” “commercial” recordings or videos—even the site owner’s own work. Outlawing anonymous speech raises a serious First Amendment problem, and laws like this one have been abused by police and the entertainment industry.</p>
<p>The bill, which is moving through Florida House and Senate committees this week, requires anyone who operates a website or Internet service to “disclose his or her true and correct name, physical address, and telephone number or e-mail address.” It would apply to any website or service “dealing in substantial part in the electronic dissemination of commercial recordings or audiovisual works, directly or indirectly,” to Florida consumers.</p>
<p>A great many websites could be de-anonymized by this statute, whether they are hosted in Florida or not. The bill defines a “commercial recording or audiovisual work” as anything an “owner … agent, or licensee has disseminated or intends to disseminate.” That covers a potentially vast number of people. Any of them could apply for a court order forcing a website owner (or potentially their ISP) to reveal their name and address.</p>
<p>Worse yet, the bill could be used to unmask anonymous bloggers, vidders, or musicians who primarily put their <em>own</em> work online if even one recording or video belonging to someone else appears on their site - or perhaps even a link to someone else’s work.</p>
<p>Similar “true name and address” laws in other states have been used to justify police raids on music studios. In 2007, a Georgia police SWAT team (with RIAA employees in tow) <a title=" The Blog Coverage" href="https://www.eff.org/deeplinks/2007/01/dj-drama-blog-coverage">raided the studio</a> of DJ Drama and DJ Cannon, makers of influential “mixtapes” that record labels used to promote their artists. The police arrested the DJs and confiscated their CDs and equipment. Their justification wasn’t copyright law (which is a federal law) but a more limited version of the same law Florida is considering, one that applies only to physical goods. If Florida expands on Georgia’s law by including websites, we could see similar police raids against music blogs or other avenues of online speech. And the works on the site might even be in the public domain, as long as some “owner, assignee, authorized agent, or licensee”—perhaps a broadcaster—complains.</p>
<p>The bill does have a few mitigating features. It excludes service providers hosting or transmitting third-party content, as <a title=" CDA 230" href="https://www.eff.org/issues/cda230">Section 230 of the Communications Decency Act</a> requires. And the bill doesn't apply if the material on a website is “excerpt[s] consisting of less than substantially all of a recording or audiovisual work”—a small and incomplete nod to fair use.</p>
<p>Still, the bill raises big constitutional problems. The ability to speak anonymously is an important free speech right. Forcing website owners to identify themselves violates the First Amendment when laws like this one are vague about which sites must comply. Even a site that a court decides is “likely to violate” the statute could be de-anonymized.</p>
<p>In addition, using state law to regulate the contents of websites creates constitutional problems because the Internet is borderless. This bill could easily apply to sites hosted anywhere in the U.S., not just in Florida. State regulation of websites can interfere with the federal government’s exclusive authority over interstate commerce.</p>
<p>If you live in Florida, contact your legislators and speak out about this bill! You can find your Senator <a title="Find My Senator" href="http://flsenate.gov/Senators/#Senators">here</a> and your Representative <a title="Find My Representative" href="http://myfloridahouse.gov/Sections/Representatives/myrepresentative.aspx">here</a>. Tell them you oppose <a title="SB 604 information page" href="http://flsenate.gov/Session/Bill/2015/0604">SB 604</a> and <a title="HB 271 information page" href="http://myfloridahouse.gov/Sections/Bills/billsdetail.aspx?BillId=53294">HB 271</a>.</p>
</div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Floridians%2C%20Help%20Us%20Stop%20Your%20State%20From%20Outlawing%20Anonymous%20Websites&amp;url=https%3A//www.eff.org/florida-outlawing-anonymous-speech&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Floridians%2C%20Help%20Us%20Stop%20Your%20State%20From%20Outlawing%20Anonymous%20Websites&amp;u=https%3A//www.eff.org/florida-outlawing-anonymous-speech" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/florida-outlawing-anonymous-speech" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Floridians%2C%20Help%20Us%20Stop%20Your%20State%20From%20Outlawing%20Anonymous%20Websites&amp;url=https%3A//www.eff.org/florida-outlawing-anonymous-speech" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Mon, 02 Mar 2015 20:39:52 +0000Mitch Stoltz84882 at https://www.eff.orgFree SpeechAnonymityEFF to NSA: If The Rule of Law is Important, Start Acting Like Ithttps://www.eff.org/deeplinks/2015/02/eff-nsa-if-rule-law-important-start-acting-it
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>In comments yesterday during a <a href="http://www.newamerica.org/new-america/cybersecurity-for-a-new-america/">cybersecurity conference</a> at the New America Foundation, the Director of the NSA, Admiral Mike Rogers faced vocal criticism from the tech community (including cryptography expert Bruce Schneier and Yahoo CISO Alex Stamos). The criticism focused on the Obama administration's insistence that it should have access to everyone's encrypted communications via a backdoor, sometimes called a "<a href="https://www.techdirt.com/articles/20141006/01082128740/washington-posts-braindead-editorial-phone-encryption-no-backdoors-how-about-magical-golden-key.shtml">golden key</a>." Security experts caution that such a magic key, usable only by the "good guys" is—like magic—<a href="https://www.schneier.com/blog/archives/2014/10/iphone_encrypti_1.html">not actually possible</a>.</p>
<p><img src="/files/2015/02/24/shadymrrogers.jpg" alt="year of magical thinking" title="Satire courtesy of Dmitri Rizek" class="align-right" height="543" width="355" /></p>
<p>Nevertheless, the NSA continues to assert that technology companies have a responsibility to create a "<a href="http://justsecurity.org/20304/transcript-nsa-director-mike-rogers-vs-yahoo-encryption-doors/">framework</a>" to allow them (and their analysts) access to our data and communications, even if we have chosen to encrypt them. Admiral Rogers would of course prefer that we not call the backdoor a "backdoor," because <a href="http://justsecurity.org/20304/transcript-nsa-director-mike-rogers-vs-yahoo-encryption-doors/">in his words</a>, backdoors are, well, "kind of shady." Like others in the Obama administration, he focuses on changing the terminology, not the substance. </p>
<p>But no matter what you call it, technology experts have told the NSA over and over again that this approach simply will not work. Once you build a backdoor (even if you call it something else) you can't be sure who will walk through it. And there's plenty of evidence that <a href="http://spectrum.ieee.org/telecom/security/the-athens-affair">governments</a>, especially the <a href="http://thinkprogress.org/security/2013/05/24/2042631/google-hacking-backdoor/">Chinese government</a>, target law enforcement backdoors in technology products in order to gain the same level of access to user data (without legal oversight) that the NSA is so keen to get for itself. The "golden key" that Admiral Rogers and <a href="http://www.fbi.gov/news/speeches/going-dark-are-technology-privacy-and-public-safety-on-a-collision-course">FBI Director Comey</a> are so eager to get their hands on <a href="https://en.wikipedia.org/wiki/Field_of_Dreams">will of course work no matter who's holding it</a>.</p>
<p>Stamos challenged Admiral Rogers directly on this point, asking:</p>
<blockquote><p>So, if we’re going to build defects/backdoors or golden master keys for the US government, do you believe we should do so — we have about 1.3 billion users around the world — should we do for the Chinese government, the Russian government, the Saudi Arabian government, the Israeli government, the French government? Which of those countries should we give backdoors to?</p></blockquote>
<p>Admiral Rogers punted by responding that this should be done within a (presumably-legal) "framework" and while "...I’m the first to acknowledge there are international implications. I think we can work our way through this." If the tech companies give Rogers the backdoor that he's asking for, why should we believe that other countries would follow that legal framework and not simply ignore that framework and attack the law enforcement access point?</p>
<p>Our Ethiopia case is an example of a country deciding not to play by the rules, unleashing the Ethiopian national security apparatus on a dissident living in the United States. Ethiopia did not choose to abide by the legal lawful intercept "framework," but instead chose to spy on an Ethiopian American named Mr. Kidane outside the law. We <a href="https://www.eff.org/cases/kidane-v-ethiopia">sued the government of Ethiopia</a> on behalf of Mr. Kidane's after he discovered traces of a sophisticated spyware product called FinSpy on his computer which its maker claims is sold exclusively to governments and law enforcement. </p>
<p>A forensic examination of his computer showed that the Ethiopian government had been recording Mr. Kidane’s Skype calls, as well as monitoring his web and email usage. The monitoring, which occurred without any court order or judicial oversight, violates both the federal Wiretap Act and Maryland state law, was accomplished entirely outside the existing legal system, known as the mutual legal assistance treaty (MLAT) framework. Of course, Ethiopia is an American ally in the War on Terror. According to a slide made public in the Snowden revelations, in 2012, the United States <a href="http://revolution-news.com/wp-content/uploads/2014/05/10246765_10152009453030728_1228289443530629823_n.jpg">gave almost $500,000 to the Ethiopian government to fund their surveillance efforts</a>—enough money to buy plenty of licenses for the FinFisher software used to spy on our client.</p>
<p>If the rule of law is as important as we all apparently agree, this is a great opportunity for the Obama Administration tell the courts here that intercepts may only be accomplished with actual legal process. Until then, it's hard to take seriously the Administration's magical thinking: that a technological security hole—as Stamos put it, "like drilling a hole in the windshield"—can be protected by a "framework." The only thing we can trust is math, and the strong encryption that implements it. </p>
</div></div></div><div class="field field-name-field-related-cases field-type-node-reference field-label-above"><div class="field-label">Related Cases:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/cases/kidane-v-ethiopia">Kidane v. Ethiopia</a></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=EFF%20to%20NSA%3A%20If%20The%20Rule%20of%20Law%20is%20Important%2C%20Start%20Acting%20Like%20It&amp;url=https%3A//www.eff.org/deeplinks/2015/02/eff-nsa-if-rule-law-important-start-acting-it&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=EFF%20to%20NSA%3A%20If%20The%20Rule%20of%20Law%20is%20Important%2C%20Start%20Acting%20Like%20It&amp;u=https%3A//www.eff.org/deeplinks/2015/02/eff-nsa-if-rule-law-important-start-acting-it" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2015/02/eff-nsa-if-rule-law-important-start-acting-it" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=EFF%20to%20NSA%3A%20If%20The%20Rule%20of%20Law%20is%20Important%2C%20Start%20Acting%20Like%20It&amp;url=https%3A//www.eff.org/deeplinks/2015/02/eff-nsa-if-rule-law-important-start-acting-it" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Tue, 24 Feb 2015 20:17:46 +0000Eva Galperin and Nate Cardozo84763 at https://www.eff.orgCommentaryFree SpeechAnonymityInternationalSurveillance and Human RightsPrivacySecurityState-Sponsored MalwareFacebook's Name Policy Strikes Again, This Time at Native Americanshttps://www.eff.org/deeplinks/2015/02/facebooks-name-policy-strikes-again-time-native-americans
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>What do drag queens, burlesque performers, human rights activists in Vietnam and Syria, and Native Americans have in common? They have all been the targets of "real names" enforcement on Facebook. And despite <a href="http://www.usatoday.com/story/tech/2014/10/01/facebook-drag-queens/16552927/">reports </a>from the media last year that seemed to indicate that Facebook has "fixed" the issue, they’re still being targeted.</p>
<p>The <a href="http://lastrealindians.com/facebook-dont-believe-in-indian-names-by-dana-lone-hill/">account suspension</a> of Lakota woman Dana Lone Hill got some <a href="http://colorlines.com/archives/2015/02/native_americans_say_facebook_is_accusing_them_of_using_fake_names.html">media attention</a> earlier this week. Lone Hill has had a very similar experience to other users who’ve been booted of the site for name policy violations—with one important difference.</p>
<p>Last year, when drag queens were affected by the policy, they got messages saying it looked like they weren’t using their "real names." Member of <a href="http://www.thesisters.org/">Sisters of Perpetual Indulgence</a> and activist Sister Roma <a href="http://www.dailydot.com/lifestyle/facebook-demands-drag-queens-change-names/">stated that</a> she "was instructed to log in and forced to change the name on my profile to my 'legal name, like the one that appears on your drivers' license or credit card.'"</p>
<p></p><div class="caption caption-center"><div class="caption-inner"><img src="/files/2015/02/13/lone.hill_.screenshot.jpg" alt="Image of screenshot from Facebook " title="Image courtesy of Dana Lone Hill" width="611" height="343" />Image courtesy of Dana Lone Hill</div></div>
<p>Now, however, Facebook’s language has changed. Instead of being told that she needed to use her "legal name," Lone Hill got a message from Facebook saying it looked like she wasn’t using her "authentic name," and that Facebook would "like to work with [her] to verify the name that best represents [her] identity."</p>
<p>In response to drag queens’ complaints last year, Facebook <i>has</i> slightly changed its policy, as demonstrated by the reference to "authentic names" instead of "real names." In October, Facebook’s Chief Product Officer Chris Cox <a href="https://www.facebook.com/chris.cox/posts/10101301777354543">stated</a> that Facebook’s policy "is that everyone on Facebook uses the authentic name they use in real life," not that everyone needs to use a legal name. Facebook has also expanded the ways people can prove their identity. And while these are small steps forward, the irony of Facebook suspending the accounts of Native Americans for honoring their heritage by using traditional names under an "authentic name policy" is pretty huge, to say the least.</p>
<p>Lone Hill isn’t the only Native person who has been affected. As Aura Bogado at Colorlines <a href="http://colorlines.com/archives/2015/02/native_americans_say_facebook_is_accusing_them_of_using_fake_names.html">points out</a>: "The company appears to have been questioning certain Native users since at least 2009,when it <a href="http://www.adweek.com/socialtimes/facebook-blocks-native-americans/307011">deactivated Parmelee Kills The Enemy’s account</a>. More recently, on Indigenous Peoples’ Day, Facebook deleted a number of Native accounts." She’s referring to <a href="http://www.trueactivist.com/native-americans-get-facebook-pages-removed-on-columbus-day-for-fake-names/">the takedown</a> of Shane Creepingbear’s account.</p>
<p>These takedowns illustrate the continued problems with Facebook’s policy. As we <a href="https://www.eff.org/deeplinks/2014/10/dear-facebook-sorry-start-now-lets-see-solutions">pointed out</a> last year, Facebook would be much better off if it simply <a href="https://www.eff.org/deeplinks/2011/07/case-pseudonyms">stopped requiring verification</a> of names at all. But if it won’t commit to doing that, there are still other steps it could take.</p>
<p>First, the enforcement process itself remains problematic. Facebook should not put users into the position where they have to submit ID without warning. Users should still be able log in to their account after being reported. This would give users a chance to warn their friends that their profile may become inactive and to download their account’s content— especially important for users who’ve put a lot of content on the site or who use it a lot.</p>
<p>Facebook should also have a clear appeals process. As the many users who’ve been locked out of their accounts in recent months will point out, that simply doesn’t exist at this point.</p>
<p>Finally, Facebook needs to look at its reporting process. Some background: Facebook doesn’t police names itself. It relies on reports from other users. That’s why Creepingbear was correct when he <a href="http://www.trueactivist.com/native-americans-get-facebook-pages-removed-on-columbus-day-for-fake-names/">asked</a> "the real question is… Who reported us!?!?!!?!!????"<em></em></p>
<p>In the past, Facebook <a href="http://jilliancyork.com/2010/04/08/on-facebook-deactivations/">groups have been created</a> specifically for the purpose of reporting accounts, and in Vietnam government supporters have organized <a href="http://www.theverge.com/2014/9/2/6083647/facebook-s-report-abuse-button-has-become-a-tool-of-global-oppression">reporting sprees</a> against political activists. Drag queens continue to notice specific groups being reported <i>en masse,</i> for example drag queens in a specific city that all know each other, or burlesque performers who’ve all performed at a specific show.</p>
<p>Reporting sprees should be treated as abusive behavior. They could be prohibited in Facebook’s terms of service. Facebook could also institute controls on how reporting happens—for example, flagging accounts that make more than a small number of complaints for review, or putting a limit on how many reports any one account can make in a day.</p>
<p>Whatever solutions Facebook finds, its clear they need to be instituted now. Perusing the list of people who’ve been targeted for names enforcement, there’s one thing every group has in common. They are somehow outside the mainstream. As Creepingbear <a href="http://www.washingtonpost.com/news/morning-mix/wp/2015/02/10/online-authenticity-and-how-facebooks-real-name-policy-hurts-native-americans/http://colorlines.com/archives/2015/02/native_americans_say_facebook_is_accusing_them_of_using_fake_names.html">points out</a>, “There’s been a long history of Native erasure and while Facebook might not be enacting it with that intention, it’s still a part of that long history of people erasing native names. It’s part of the violence against native people in general.”</p>
<p>He's right, and his comment goes for other groups who've been affected by the policy, too. Without putting more controls on how people can report profiles, Facebook has given any user the ability to decide that they are the arbiter of someone else’s name—even when that name represents centuries of cultural tradition, as it does for Native Americans, or belonging in an adopted family for marginalized people, as it does for drag queens.</p>
<p>As for Dana Lone Hill, she was locked out of her account for nearly a week despite the fact that she did provide documentation right away. <a href="http://colorlines.com/archives/2015/02/native_americans_say_facebook_is_accusing_them_of_using_fake_names.html">She says</a> she was asked for more: “credit cards, Social Security numbers, stuff I’m not comfortable sending.” Ultimately, her account was restored—after a few news articles were written. And no one should have to rely on media attention to get Facebook to deal with its broken name policy.</p>
<p> </p>
</div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Facebook%27s%20Name%20Policy%20Strikes%20Again%2C%20This%20Time%20at%20Native%20Americans&amp;url=https%3A//www.eff.org/deeplinks/2015/02/facebooks-name-policy-strikes-again-time-native-americans&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Facebook%27s%20Name%20Policy%20Strikes%20Again%2C%20This%20Time%20at%20Native%20Americans&amp;u=https%3A//www.eff.org/deeplinks/2015/02/facebooks-name-policy-strikes-again-time-native-americans" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2015/02/facebooks-name-policy-strikes-again-time-native-americans" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Facebook%27s%20Name%20Policy%20Strikes%20Again%2C%20This%20Time%20at%20Native%20Americans&amp;url=https%3A//www.eff.org/deeplinks/2015/02/facebooks-name-policy-strikes-again-time-native-americans" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Sat, 14 Feb 2015 00:11:25 +0000Dia Kayyali84618 at https://www.eff.orgAnonymityEl Anonimato y El Cifrado Son Los Guardianes De La Libertad de Expresiónhttps://www.eff.org/node/84588
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>En junio del 2015, el watchdog de la libertad de expresión de las Naciones Unidas, <a href="http://www.ohchr.org/EN/ISSUES/FREEDOMOPINION/Pages/OpinionIndex.aspx">David Kaye</a>, presentará un nuevo informe sobre el anonimato y el cifrado ante los <a target="_blank" href="http://www.ohchr.org/EN/HRBodies/HRC/Pages/Membership.aspx">47 Estados miembros </a>del <a target="_blank" href="http://www.ohchr.org/hrc/Pages/redirect.aspx">Consejo de Derechos Humanos</a> con sede en Ginebra. Ayer, EFF <a target="_blank" href="https://www.eff.org/files/2015/03/18/anonimatoycifrado-eff-11.pdf">presentó un informe</a>[PDF] instando al Sr. Kaye a reafirmar la libertad de usar la tecnología de cifrado y proteger el derecho a expresarse, acceder y leer la información de forma anónima. El informe del Sr. Kaye podría ser una de las oportunidades más importantes para fortalecer nuestras libertades fundamentales en la era digital a nivel internacional.</p>
<p><span id="result_box" lang="es" xml:lang="es"><span class="hps alt-edited">El título oficial</span> <span class="hps">del Sr.</span> <span class="hps">Kaye</span> <span class="hps atn">es "</span><span>Relator</span> e<span class="hps">special sobre la promoción</span> <span class="hps alt-edited">y la</span> <span class="hps">protección del derecho</span> <span class="hps">a la libertad de</span> <span class="hps">opinión y de expresión</span><span>"</span><span>.</span> <span class="hps">Relatores especiales</span> <span class="hps">son expertos</span> <span class="hps">independientes designados por el</span> <span class="hps">Consejo de Derechos</span> <span class="hps">Humanos</span> <span class="hps">para examinar</span> <span class="hps">e informar</span> <span class="hps">sobre</span> <span class="hps">un tema</span> <span class="hps">de derechos humanos</span><span>.</span> <span class="hps">Su</span> <span class="hps">mandato</span> <span class="hps">es parte</span> <span class="hps">de los procedimientos especiales</span><span>,</span> <span class="hps">un elemento central de</span> <span class="hps">la maquinaria de derechos</span> <span class="hps">humanos de las Naciones</span> <span class="hps">Unidas que</span> <span class="hps">contribuye al desarrollo</span> <span class="hps">de las normas internacionales</span> <span class="hps">de derechos humanos.</span></span></p>
<p>En concreto, solicitamos al Sr. Kaye a reafirmar que:</p>
<ul><li><span id="result_box" lang="es" xml:lang="es"><span class="hps">El anonimato</span> <span class="hps">no debe limitarse</span> <span class="hps"><em>a priori</em>.</span> El a<span class="hps">nonimato</span> <span class="hps">fuerte debe estar siempre disponible, especialmente aquellos</span><span class="hps"> sistemas que no almacenan registros</span> de datos y/o aquellas <span class="hps">herramientas tecnológicas que protegen el</span><span class="hps"> anonimato</span><span class="hps">;</span></span></li>
<li>La revelación forzada de la identidad de una persona anónima sólo debe ocurrir una vez se haya cometido un delito tipificado en la ley;</li>
<li>El debido proceso de una persona deben ser respetado antes de identificar a esa persona anónima en respuesta a una solicitud al respecto.</li>
<li><span id="result_box" lang="es" xml:lang="es"><span class="hps">Los sistemas judiciales</span><span>, no</span> <span class="hps">los procesos de toma</span> <span class="hps">de decisiones</span> <span class="hps">extrajudiciales,</span> <span class="hps">son los más adecuados</span> <span class="hps">para</span> <span class="hps">equilibrar el derecho</span> <span class="hps">de los ciudadanos a</span> <span class="hps">la expresión</span> <span class="hps">anónima</span> <span class="hps">con</span> <span class="hps">la necesidad de proporcionar</span> <span class="hps">un mecanismo</span> <span class="hps">para corregir</span> <span class="hps">errores;</span></span></li>
<li class="hps">Los regímenes legales deben garantizar un examen riguroso de los derechos de libre expresión y privacidad de las personas antes de obligar a cualquier identificación de la persona anónima;</li>
<li>Ante la falta de cifrado, comunicaciones en línea pueden ser fácilmente interceptadas por cualquier persona, no sólo a la policía;</li>
<li><span id="result_box" lang="es" xml:lang="es"><span class="hps">Los individuos y</span> <span class="hps">agencias gubernamentales</span> <span class="hps">deben</span> <span class="hps">utilizar el cifrado</span> <span class="hps">fuerte</span> <span class="hps">rutinariamente</span><span>.</span> <span class="hps">Nuestra</span> <span class="hps">presentación</span> <span class="hps">advierte</span> <span class="hps">que la seguridad</span> <span class="hps">y el anonimato de</span> <span class="hps">las comunicaciones pueden</span> <span class="hps">ser socavadas por</span> <span class="hps">leyes</span> <span class="hps">que limitan el uso</span> <span class="hps">de las herramientas de</span> <span class="hps">protección de la intimidad</span><span>;</span></span></li>
<li><span lang="es" xml:lang="es"><span> Los Estados deben defender la libertad individual para utilizar la tecnología de cifrado y publicar y distribuir tecnologías de cifrado e investigación;</span></span></li>
<li><span lang="es" xml:lang="es"><span> Las prohibiciones de cifrado y la inclusión obligatoria de "puertas traseras" en el software y equipos de seguridad son peligrosos para la seguridad y la libertad de todos;</span></span></li>
<li><span id="result_box" lang="es" xml:lang="es"><span class="hps">Los intermediarios de Internet</span> <span class="hps">no deben bloquear</span> <span class="hps">o limitar</span> <span class="hps">la transmisión de</span> <span class="hps">las comunicaciones cifradas</span><span>;</span></span></li>
<li><span lang="es" xml:lang="es"><span>Se deben alentar a los proveedores de servicios de Internet a diseñar sistemas de cifrado de extremo a extremo.</span></span></li>
</ul><p><span id="result_box" lang="es" xml:lang="es"><span class="hps">Esperamos que el</span> <span class="hps">informe</span> del Relator de Libertad de Expresión de Naciones Unidas <span class="hps">reafirme</span> <span class="hps">las</span> <span class="hps">libertades</span> <span class="hps">fundamentales</span><span class="hps"> que permite</span> <span class="hps">la capacidad de Internet</span> <span class="hps">de servir como</span> <span class="hps">un vehículo para</span> <span class="hps">la libertad de expresión</span><span>.</span> <span class="hps">Los últimos meses</span> <span class="hps">se ha visto</span> <span class="hps">un movimiento creciente</span> <span class="hps">por algunos políticos</span> <span class="hps">para <a href="https://www.techdirt.com/articles/20130820/09464424253/russia-prepares-to-block-tor-anonymizing-proxies.shtml">despojar</a></span><a href="https://www.techdirt.com/articles/20130820/09464424253/russia-prepares-to-block-tor-anonymizing-proxies.shtml"> <span class="hps">el anonimato</span></a> <span class="hps">de</span> <span class="hps">los usuarios de Internet</span><span>,</span> <a href="http://www.bbc.com/news/technology-30794953"><span class="hps">criminalizar el uso</span> </a><span class="hps"><a href="http://www.bbc.com/news/technology-30794953">del cifrado</a>,</span> <span class="hps">en el mismo momento</span> <span class="hps">en el que hemos</span> <span class="hps">visto la importancia</span> <span class="hps atn">(</span><span>y la dificultad</span><span>)</span> <span class="hps">de defender la</span> <span class="hps">privacidad de las comunicaciones</span> <span class="hps">digitales.</span> <span class="hps">El informe del Relator</span> <span class="hps">Especial</span> <span class="hps">es la oportunidad perfecta</span> <span class="hps">para hablar</span> <span class="hps">a favor de</span> <span class="hps">dos de</span> <span class="hps">las mejores defensas</span> <span class="hps">que tenemos</span> <span class="hps">contra la vigilancia</span> <span class="hps">masiva</span><span>, y por una</span> <span class="hps">Internet</span> <span class="hps">vibrante</span> <span class="hps">y libre.</span></span></p>
</div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=El%20Anonimato%20y%20El%20Cifrado%20Son%20Los%20Guardianes%20De%20La%20Libertad%20de%20Expresi%C3%B3n&amp;url=https%3A//www.eff.org/node/84588&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=El%20Anonimato%20y%20El%20Cifrado%20Son%20Los%20Guardianes%20De%20La%20Libertad%20de%20Expresi%C3%B3n&amp;u=https%3A//www.eff.org/node/84588" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/node/84588" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=El%20Anonimato%20y%20El%20Cifrado%20Son%20Los%20Guardianes%20De%20La%20Libertad%20de%20Expresi%C3%B3n&amp;url=https%3A//www.eff.org/node/84588" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Thu, 12 Feb 2015 03:17:43 +0000Danny O&#039;Brien and Katitza Rodriguez84588 at https://www.eff.orgFree SpeechAnonymityInternationalEFF tells UN: Anonymity and Encryption are the Guardians of Free Expressionhttps://www.eff.org/deeplinks/2015/02/tell-un-anonymity-encryption
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>In June 2015, the U.N's free speech watchdog, <a href="http://www.ohchr.org/EN/ISSUES/FREEDOMOPINION/Pages/OpinionIndex.aspx">David Kaye</a>, intends to present a new report on anonymity and encryption before the <a href="http://www.ohchr.org/EN/HRBodies/HRC/Pages/Membership.aspx">47 Member States</a> of the Geneva-based <a href="http://www.ohchr.org/hrc/Pages/redirect.aspx">Human Rights Council</a>. Yesterday, EFF <a href="https://www.eff.org/document/eff-comments-submitted-united-nations-special-rapporteur-promotion-and-protection-right">filed comments</a> urging Mr. Kaye to reaffirm the freedom to use encryption technology and to protect the right to speak, access and read information anonymously. Mr. Kaye’s report could be one of the most significant opportunities to strengthen our fundamental freedoms in the digital age at the international level.</p>
<p>Mr. Kaye’s official title is “Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression.” Special Rapporteurs are independent experts appointed by the Human Rights Council to examine and report back on a specific human rights theme. His mandate is part of the <a href="http://www.ohchr.org/EN/HRBodies/SP/Pages/Welcomepage.aspx">Special Procedures</a>, a central element of the United Nations human rights machinery that contributes to the development of international human rights standards.</p>
<p>In our submission, specifically we urge the Mr. Kaye to include in his report that:</p>
<ul><li>Anonymity must not be restricted <em>a priori</em>. Strong anonymity, where records are not kept, and where privacy-protecting tools obscure the identity of an individual, should always be available.</li>
<li>Compelled disclosure must only occur once a legally defined offense has been committed.</li>
<li>The due process rights of a speaker should be respected before identifying that individual in response to a request to do so.</li>
<li>Judicial systems, not extrajudicial decision-making processes, are best suited to balance citizens’ right to anonymous expression with the need to provide a mechanism to redress wrongs.</li>
<li>Legal regimes must ensure rigorous consideration of the free expression and privacy rights of the speaker before compelling any identification.</li>
<li>In the absence of encryption, online communications can easily be intercepted by anyone, not just the police.</li>
<li>Individuals and government agencies should all use strong encryption routinely. Our submission warns that the security and anonymity of communications can be undermined by laws that limit the use of privacy-enhancing tools.</li>
<li>States should defend the individual freedom to use encryption technology and to publish and distribute encryption technologies and research.</li>
<li>Prohibitions on encryption and the mandatory inclusion of “back doors” in secure software and equipment are dangerous to the security and freedom of all. </li>
<li>Internet intermediaries should not block or limit the transmission of encrypted communications.</li>
<li>Internet service providers should be encouraged to design systems for end-to-end encryption.</li>
</ul><p>We also identified some of the world's governments' best and worst policies and practices for the protection of anonymity.</p>
<p>We hope the report reaffirms the fundamental freedoms that allow the Internet's ability to serve as a vehicle for free expression. The past few months have demonstrated a growing movement by some politicians to <a href="https://www.techdirt.com/articles/20130820/09464424253/russia-prepares-to-block-tor-anonymizing-proxies.shtml">strip anonymity</a> from Internet users, and <a href="http://www.bbc.com/news/technology-30794953">outlaw encryption</a>, at the very moment where we have seen the importance (and difficulty) of defending the privacy of digital communications. The Special Rapporteur’s report is the perfect opportunity to speak up in favor of two of the best defenses we have against ubiquitous surveillance, and for a vibrant and free Internet.</p>
</div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=EFF%20tells%20UN%3A%20Anonymity%20and%20Encryption%20are%20the%20Guardians%20of%20Free%20Expression&amp;url=https%3A//www.eff.org/deeplinks/2015/02/tell-un-anonymity-encryption&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=EFF%20tells%20UN%3A%20Anonymity%20and%20Encryption%20are%20the%20Guardians%20of%20Free%20Expression&amp;u=https%3A//www.eff.org/deeplinks/2015/02/tell-un-anonymity-encryption" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2015/02/tell-un-anonymity-encryption" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=EFF%20tells%20UN%3A%20Anonymity%20and%20Encryption%20are%20the%20Guardians%20of%20Free%20Expression&amp;url=https%3A//www.eff.org/deeplinks/2015/02/tell-un-anonymity-encryption" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Wed, 11 Feb 2015 22:40:10 +0000Danny O&#039;Brien and Katitza Rodriguez84583 at https://www.eff.orgFree SpeechAnonymityInternationalEFF and CDT Tell FEC: Don't Increase Regulation of Online Speechhttps://www.eff.org/deeplinks/2015/01/eff-tells-fec-dont-amp-internet-regulation
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p class="MsoNormal"><span>Today, EFF and the <a href="https://cdt.org/">Center for Democracy &amp; Technology</a> (CDT) filed joint comments to the FEC, urging the agency to leave its current Internet rules in place. As we </span><a href="https://www.eff.org/deeplinks/2015/01/tell-fec-not-amp-internet-regulations"><span>blogged about earlier this week</span></a><span>, the FEC is considering whether or not to develop new Internet rules. But as we note in our earlier post—and in <a href="https://www.eff.org/document/eff-and-cdt-comments-fec">our comments to the FEC</a>—increased regulation of the Internet could chill speech and harm privacy and anonymity. </span></p>
<p class="MsoNormal"><span>Increased regulation of online political speech may also undermine two goals of campaign finance reform: protecting freedom of political speech and expanding political participation. As we explain in our comments: </span></p>
<blockquote><p class="MsoNormal"><span>Unlike political advertisements in the offline world, the Internet is not merely a tool of the wealthy political elite. Ordinary individuals can purchase Internet ads, create YouTube videos, and post banners on their personal websites to express support for particular candidates or parties—all for little or no cost. Extending campaign finance regulation to free and low-cost Internet speech will discourage individual citizens from engaging in such forms of political expression. Campaign finance rules should <i>encourage</i>—not discourage—participation in the online political debate.</span></p>
</blockquote>
<p class="MsoNormal"><span>As an organization dedicated to transparency, we appreciate the value in increasing public understanding of how money influences elections. However, we do not have confidence that the FEC can increase its regulation of online speech without harming free speech, privacy, and anonymity. </span></p>
</div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=EFF%20and%20CDT%20Tell%20FEC%3A%20Don%27t%20Increase%20Regulation%20of%20Online%20Speech&amp;url=https%3A//www.eff.org/deeplinks/2015/01/eff-tells-fec-dont-amp-internet-regulation&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=EFF%20and%20CDT%20Tell%20FEC%3A%20Don%27t%20Increase%20Regulation%20of%20Online%20Speech&amp;u=https%3A//www.eff.org/deeplinks/2015/01/eff-tells-fec-dont-amp-internet-regulation" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2015/01/eff-tells-fec-dont-amp-internet-regulation" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=EFF%20and%20CDT%20Tell%20FEC%3A%20Don%27t%20Increase%20Regulation%20of%20Online%20Speech&amp;url=https%3A//www.eff.org/deeplinks/2015/01/eff-tells-fec-dont-amp-internet-regulation" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Thu, 15 Jan 2015 20:48:16 +0000Jamie Williams83893 at https://www.eff.orgFree SpeechAnonymityBloggers' RightsTell the FEC Not to Amp Up Internet Regulationshttps://www.eff.org/deeplinks/2015/01/tell-fec-not-amp-internet-regulations
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p class="MsoNormal"><span><img src="/files/2015/01/13/youtube-speech-1.png" width="328" height="230" alt="" class="image-right" />The Federal Election Commission (FEC) is considering amping up its regulation of online political speech—an idea that should be rejected from the get-go. Back in 2006, the FEC adopted a </span><a href="https://www.eff.org/deeplinks/2006/03/fec-protects-bulk-internet-speech-campaign-finance-rules"><span>limited approach</span></a><span> to regulating the Internet. Some FEC commissioners feel that its approach has grown outdated. But increased regulation of the Internet would threaten both free speech and privacy. </span></p>
<p class="MsoNormal"><span>We have the opportunity to nip any new Internet regulations in the bud by convincing the FEC to maintain its commitment to protecting individuals’ online speech. The FEC is accepting comments on whether or not to develop new Internet rules. EFF is submitting comments later this week urging the FEC to leave the current Internet rules in place. <i>But the more comments from the public the better</i>. <strong>Submit comments telling the FEC not to amp up its Internet regulations </strong></span><strong><a href="https://act.eff.org/action/no-new-regulation-for-online-political-speech"><span>here</span></a></strong><span><strong>.</strong> </span></p>
<p class="MsoNormal"><span>The last time the FEC indicated that it was thinking about adopting regulations that would adversely impact the online community was back in 2005. But after intense criticism from First Amendment proponents—including EFF—the FEC, in 2006, adopted </span><a href="http://www.fec.gov/law/cfr/ej_compilation/2006/notice_2006-8.pdf"><span>Internet regulations</span></a><span> [pdf] limited to (a) paid advertisements and (b) </span><span>political campaigns, political parties, and political action committees (PACs) that post communications online. </span><span>The FEC left free and low-cost political commentary exempt from regulation. This was a win for bloggers and other online speakers, as we outline in our </span><a href="https://www.eff.org/issues/bloggers/legal/election"><span>Legal Guide for Bloggers</span></a><span>. </span><span></span></p>
<p class="MsoNormal"><span>Now, that victory is under threat. FEC Commissioner Ann Ravel </span><a href="http://eqs.fec.gov/eqsdocsMUR/14044363872.pdf"><span>wants to re-examine</span></a><span> [pdf] the FEC’s approach to online political speech. Her statement comes after the Commission </span><a href="http://eqs.fec.gov/eqsdocsMUR/14044363864.pdf"><span>deadlocked 3-to-3</span></a><span> [pdf] on whether to investigate a non-profit that posted two campaign videos on YouTube without including disclaimers or disclosing production costs. Although the FEC has not yet proposed new rules, it appears that Ravel supports overhauling the regulations around online speech. This could have a huge impact on free and low-cost online political speech, especially if new regulations place complicated and burdensome record-keeping and disclosure requirements on bloggers, YouTube posters, or other online speakers, including those who post anonymously.</span></p>
<p class="MsoNormal"><span>As an organization dedicated to transparency, we appreciate the value in increasing public understanding of how money influences elections. However, we do not have confidence that a politically appointed government board will be able to draw a line that separates the individual blogger or YouTuber from deep-pocketed special interest groups without damaging free speech.</span></p>
<p class="MsoNormal"><span>Increased regulation of online speech is not only likely to chill participation in the public debate, but it may also </span><span>threaten individual speakers’ privacy and right to post anonymously</span><span>. </span><span><span> </span>In so doing, it may undermine two goals of campaign finance reform: protecting freedom of political speech and expanding political participation. </span><span></span></p>
<p class="MsoNormal"><span>As we stated in our </span><a href="https://cdt.org/files/speech/political/20050603cdtcomments.pdf"><span>joint comments to the FEC back in 2005</span></a><span> [pdf], “</span><span>the Internet provides a counter-balance to the undue dominance that ‘big money’ has increasingly wielded over the political process in the past half-century.” </span><span>We believe that heightened regulation of online political speech will hamper the Internet’s ability to level the playing field.<span> <br /></span></span></p>
<p class="MsoNormal"><a href="https://act.eff.org/action/no-new-regulation-for-online-political-speech"><span>Submit your comments</span></a><span> to the FEC today and help us stop the Commission from adopting rules that threaten free speech and privacy. <b>Comments are due on Thursday, January 15, 2015.</b> </span></p>
<p class="MsoNormal"></p>
</div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Tell%20the%20FEC%20Not%20to%20Amp%20Up%20Internet%20Regulations&amp;url=https%3A//www.eff.org/deeplinks/2015/01/tell-fec-not-amp-internet-regulations&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Tell%20the%20FEC%20Not%20to%20Amp%20Up%20Internet%20Regulations&amp;u=https%3A//www.eff.org/deeplinks/2015/01/tell-fec-not-amp-internet-regulations" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2015/01/tell-fec-not-amp-internet-regulations" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Tell%20the%20FEC%20Not%20to%20Amp%20Up%20Internet%20Regulations&amp;url=https%3A//www.eff.org/deeplinks/2015/01/tell-fec-not-amp-internet-regulations" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Tue, 13 Jan 2015 02:57:58 +0000Jamie Williams83847 at https://www.eff.orgFree SpeechAnonymityBloggers' RightsEFF Submits Amicus Letter to California Supreme Court in Support of Anonymous Online Speakerhttps://www.eff.org/deeplinks/2015/01/eff-submits-amicus-letter-california-supreme-court-support-anonymous-online
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p class="MsoNormal"><span>EFF submitted an amicus letter to the California Supreme Court urging the justices to review a case that has significant implications for the free speech rights of anonymous online speakers under California law.</span></p>
<p class="MsoNormal"></p>
<p class="MsoNormal"><span>EFF wrote the amicus letter in support of an anonymous defendant (Doe 1) <span>who created a website to bring to light what he (or she) believes are abuses being perpetrated against the local Maasai population in Tanzania by a safari company. The company sued the defendant in California for defamation because he used the California-based Weebly web hosting service. Doe 1 filed and lost an anti-SLAPP motion in both the trial and appellate courts. </span>Although the Court of Appeal decision is </span><a href="http://www.courts.ca.gov/opinions/nonpub/A140537.PDF"><span>unpublished</span></a><span>, we urged the California Supreme Court to take the case because the decision reflects conflicting approaches taken by Courts of Appeal in interpreting the anti-SLAPP statutes. <span></span></span></p>
<p class="MsoNormal"></p>
<p class="MsoNormal"><span>There are two issues presented by the defendant/appellant for review by the California Supreme Court. First, contrary to the Court of Appeal’s decision, we agree with Doe 1 that if a defendant files an anti-SLAPP motion that meets the initial burden of showing that the plaintiff’s claim implicates the defendant’s rights of free speech on a “public issue,” the plaintiff should have to present both a legally sufficient complaint and substantiate that complaint with supporting evidence<b> </b>to overcome the motion – and the plaintiff should automatically lose the anti-SLAPP motion if the complaint is legally insufficient. Doe 1 had challenged the legal sufficiency of the safari company’s complaint because it included non-specific allegations of defamation. The lower courts allowed the safari company to cure its defective complaint – and thus overcome the anti-SLAPP motion – by filing declarations with additional evidence.</span></p>
<p class="MsoNormal"></p>
<p class="MsoNormal"><span>Second, a defendant’s anonymity should not be an excuse for a court not to consider whether the plaintiff has substantiated the fault element of a defamation claim. Instead of allowing for limited discovery so the safari company could attempt to prove that Doe 1 made defamatory statements negligently, knowing they were false, or with reckless disregard for whether they were true or false, the lower courts denied the anti-SLAPP motion outright, essentially punishing Doe 1 for guarding his identity.</span></p>
<p class="MsoNormal"></p>
<p class="MsoNormal"><span>We fear that should courts continue to grant plaintiffs broad flexibility and deference, defendants will more frequently lose anti-SLAPP motions and anonymous online speakers will more frequently be unmasked – chilling speech not only in the United States, but also in foreign countries like Tanzania. As </span><a href="http://www2.ohchr.org/english/bodies/hrcouncil/docs/17session/A.HRC.17.27_en.pdf"><span>Frank La Rue</span></a><span>, the United Nations Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, wrote: “The right to privacy is essential for individuals to express themselves freely. Indeed, throughout history, people’s willingness to engage in debate on controversial subjects in the public sphere has always been linked to possibilities for doing so anonymously.”</span></p>
<p class="MsoNormal"></p>
<p class="MsoNormal"><span>The Cyberlaw Clinic at the Berkman Center for Internet &amp; Society at Harvard Law School also highlighted the importance of anonymity to online speakers overseas in an </span><a href="http://cyberlawclinic.berkman.harvard.edu/files/2014/12/2014-12-05-Wineland-Thomson-v-Doe-amicus-letter.pdf"><span>amicus letter</span></a><span> urging the California Supreme Court to hear the appeal.</span></p>
<p class="MsoNormal"></p>
<p class="MsoNormal"><span>We hope that the California Supreme Court reviews the case and resolves the issues presented to ensure that First Amendment principles and the California anti-SLAPP statutes are appropriately applied to protect online and anonymous speakers from unfair retaliation.</span></p>
</div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=EFF%20Submits%20Amicus%20Letter%20to%20California%20Supreme%20Court%20in%20Support%20of%20Anonymous%20Online%20Speaker&amp;url=https%3A//www.eff.org/deeplinks/2015/01/eff-submits-amicus-letter-california-supreme-court-support-anonymous-online&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=EFF%20Submits%20Amicus%20Letter%20to%20California%20Supreme%20Court%20in%20Support%20of%20Anonymous%20Online%20Speaker&amp;u=https%3A//www.eff.org/deeplinks/2015/01/eff-submits-amicus-letter-california-supreme-court-support-anonymous-online" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2015/01/eff-submits-amicus-letter-california-supreme-court-support-anonymous-online" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=EFF%20Submits%20Amicus%20Letter%20to%20California%20Supreme%20Court%20in%20Support%20of%20Anonymous%20Online%20Speaker&amp;url=https%3A//www.eff.org/deeplinks/2015/01/eff-submits-amicus-letter-california-supreme-court-support-anonymous-online" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Fri, 02 Jan 2015 22:23:29 +0000Sophia Cope83748 at https://www.eff.orgFree SpeechAnonymityBloggers' RightsCyberSLAPPEFF 2014 Holiday Wish Listhttps://www.eff.org/deeplinks/2014/12/eff-2014-holiday-wishlist
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>For the <a href="https://www.eff.org/deeplinks/2011/12/effs-holiday-wish-list">last</a> <a href="https://www.eff.org/deeplinks/2012/12/effs-2012-holiday-wish-list">three</a> <a href="https://www.eff.org/deeplinks/2013/12/effs-2013-holiday-wishlist">years</a>, EFF has greeted the holiday season by publishing a list of things we'd like to see happen in the coming year. Sometimes these are actions we'd like to see taken by companies, and sometimes our wishes are aimed at governments, but we also include actions everyday people can take to advance our digital civil liberties. This year has seen great progress in areas such as transparency reports and encrypting digital communications. We want to build on that progress in 2015.</p>
<p>Here are some of the things we're wishing for this holiday:</p>
<ul><li>News organizations and individual journalists should make it easy to securely accept documents from anonymous sources by setting up their own instances of <a href="https://freedom.press/securedrop">SecureDrop.</a><a href="https://freedom.press/securedrop" securedrop="" a=""></a></li>
<li>President Obama should stand up for the privacy rights of people all over the world and <a href="https://act.eff.org/action/tell-obama-stop-mass-surveillance-under-executive-order-12333">amend Executive Order 12333</a> to prohibit mass surveillance. Most people have never heard of it, but Executive Order 12333 is "the primary authority under which the country’s intelligence agencies conduct the majority of their operations." So while the U.S. Congress is considering bills to curtail mass telephone surveillance, the NSA’s primary surveillance authority will be left unchallenged. Let's change that in 2015.</li>
<li>Congress should pass meaningful reform to the <a href="https://www.eff.org/deeplinks/2013/06/aarons-law-introduced-now-time-reform-cfaa">Computer Fraud and Abuse Act</a> and the <a href="http://digitaldueprocess.org/index.cfm?objectid=37940370-2551-11DF-8E02000C296BA163">Electronic Communications Privacy Act</a>.</li>
<li>Companies that provide digital communications services should enable real end-to-end encryption for users, without backdoors for law enforcement--we're looking at you <a href="https://www.techdirt.com/articles/20141214/06590429436/verizon-offers-encrypted-calling-with-nsa-backdoor-no-additional-charge.shtml">Verizon</a>! There have been some <a href="http://www.pcmag.com/article2/0,2817,2472340,00.asp">great steps</a> in this direction already, but we want to see a race to the top.</li>
<li>Websites should honor <a href="https://www.eff.org/issues/do-not-track">Do Not Track</a>.</li>
<li>Facebook should follow the lead of Google+ and drop its <a href="https://www.eff.org/deeplinks/2014/09/facebooks-real-name-policy-can-cause-real-world-harm-lgbtq-community">harmful</a> "real names" policy.</li>
<li>Congress should defend users and refuse to put secret trade agreements, like the <a href="https://www.eff.org/issues/tpp">Trans-Pacific Partnership (TPP) agreement</a>, on the <a href="https://act.eff.org/action/don-t-let-congress-fast-track-tpp">fast track</a> to ratification. Deals like TPP include provisions that threaten digital rights for Internet users everywhere in the name of intellectual property protection.</li>
<li>US policymakers should strongly advocate for the benefits of a flexible fair use system. When they are involved in international policymaking, they should propose safeguards for users to counteract extreme copyright restrictions. They should start by supporting a <a href="https://www.eff.org/deeplinks/2014/12/libraries-face-against-publishers-and-european-union-wipo">legally binding treaty</a> for copyright exceptions and limitations for libraries and archives.</li>
<li>All Internet sites should adopt cryptographic best practices for every connection, every time, including PFS, STARTTLS, HSTS, and encrypted traffic between data centers.</li>
<li>Companies should offer clear guidelines and a path for the disclosure of vulnerabilities that will not get security researchers sued.</li>
<li>The NSA and the Office of the Director of National Intelligence should disclose its <a href="https://www.eff.org/press/releases/eff-sues-nsa-director-national-intelligence-zero-day-disclosure-process">Vulnerability Equities Process</a>. All that they've told us so far is that this process is used to determine whether to disclose software security flaws known as "zero days" or to keep them secret for their own use, but we've had to file a FOIA lawsuit to get the details.</li>
</ul></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=EFF%202014%20Holiday%20Wish%20List&amp;url=https%3A//www.eff.org/deeplinks/2014/12/eff-2014-holiday-wishlist&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=EFF%202014%20Holiday%20Wish%20List&amp;u=https%3A//www.eff.org/deeplinks/2014/12/eff-2014-holiday-wishlist" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2014/12/eff-2014-holiday-wishlist" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=EFF%202014%20Holiday%20Wish%20List&amp;url=https%3A//www.eff.org/deeplinks/2014/12/eff-2014-holiday-wishlist" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Fri, 19 Dec 2014 00:02:28 +0000Eva Galperin83660 at https://www.eff.orgCommentaryFree SpeechAnonymityPrivacyNSA SpyingSocial NetworksSecurityAppeals Court Rules in Favor of Anonymous Speech in California Prop. 35 Casehttps://www.eff.org/press/releases/appeals-court-rules-favor-anonymous-speech-california-prop-35-case
<div class="field field-name-field-pr-subhead field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">ACLU of Northern California, EFF Prevail in Appeal Over Internet Restrictions for Registered Sex Offenders</div></div></div><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>San Francisco - The Ninth Circuit Court of Appeals ruled today that Proposition 35, a 2012 California ballot initiative that would have restricted the rights of registered sex offenders to communicate on the Internet, is likely unconstitutional. The <a href="https://www.eff.org/cases/doe-v-harris">opinion</a> affirms an earlier district court ruling in <em><a href="https://www.eff.org/cases/doe-v-harris">Doe v. Harris</a></em>, a lawsuit filed by the American Civil Liberties Union (ACLU) of Northern California and the Electronic Frontier Foundation (EFF) in 2012.</p>
<p>Proposition 35, also known as the Californians Against Sexual Exploitation Act (CASE Act), requires anyone who is a registered sex offender—even people with decades-old, low-level offenses whose offenses were not related to the Internet—to turn over a list of all their Internet user names and online service providers to law enforcement. Under the law, more than 73,000 Californians would have been forced to provide this information to the government, and report any new account or screen name within 24 hours of setting it up, even if the new screen name is their own real name. Violations would have potentially resulted in years in prison.</p>
<p>"The Ninth Circuit has agreed that the onerous online speech restrictions required by Prop. 35 violate the First Amendment," said Linda Lye, senior staff attorney at the ACLU of Northern California. "The portions of Prop. 35 that unconstitutionally limit what people say online won't help us end human trafficking. Anonymity is key to protecting speech by unpopular or controversial groups and allowing robust political debate."</p>
<p>The ACLU of Northern California and EFF filed a <a href="https://www.eff.org/press/releases/aclu-and-eff-challenge-free-speech-restrictions-californias-proposition-35">lawsuit</a> the day after the law was passed in 2012, challenging these reporting requirements as a burden on the First Amendment right to free and anonymous speech. A lower court agreed with the groups in January 2013 and issued a <a href="https://www.eff.org/deeplinks/2013/01/free-speech-victory-court-grants-preliminary-injunction-effs-prop-35-suit">preliminary injunction</a>, halting enforcement of the law. Today, the Ninth Circuit upheld that lower court ruling.</p>
<p>"[T]he CASE Act directly and exclusively burdens speech, and a substantial amount of that speech is clearly protected under the First Amendment," Ninth Circuit Judge Jay Bybee wrote in the opinion.</p>
<p>The court noted that the law was overly broad, affecting speech unrelated to sexual offenses, such as "blogging about political topics and posting comments to online news articles. " This creates the "inevitable effect of burdening sex offenders' ability to engage in anonymous online speech," Bybee wrote. The court also found that there was no evidence that throwing out this part of Proposition 35 would hamper the state's ability to investigate online sex offenses.</p>
<p>"We're pleased the court recognized important First Amendment principles of free and anonymous speech apply to everyone, regardless of what crimes they may have committed in the past," EFF Staff Attorney Hanni Fakhoury said. "While the law may be well-intentioned, its broad language opened the door for the government to chill free speech. Restrictions targeting sex offenders are often a stepping stone for the expansion of law enforcement power against other classes of unpopular people."</p>
<p>The court's ruling means the preliminary injunction prohibiting enforcement of the reporting requirements of the CASE Act remains in effect.</p>
<h3>Contact:</h3>
<p>Dave Maass<br />
Media Relations Coordinator<br />
Electronic Frontier Foundation<br />
<a href="mailto:press@eff.org">press@eff.org</a></p>
</div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Appeals%20Court%20Rules%20in%20Favor%20of%20Anonymous%20Speech%20in%20California%20Prop.%2035%20Case&amp;url=https%3A//www.eff.org/press/releases/appeals-court-rules-favor-anonymous-speech-california-prop-35-case&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Appeals%20Court%20Rules%20in%20Favor%20of%20Anonymous%20Speech%20in%20California%20Prop.%2035%20Case&amp;u=https%3A//www.eff.org/press/releases/appeals-court-rules-favor-anonymous-speech-california-prop-35-case" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/press/releases/appeals-court-rules-favor-anonymous-speech-california-prop-35-case" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Appeals%20Court%20Rules%20in%20Favor%20of%20Anonymous%20Speech%20in%20California%20Prop.%2035%20Case&amp;url=https%3A//www.eff.org/press/releases/appeals-court-rules-favor-anonymous-speech-california-prop-35-case" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Tue, 18 Nov 2014 22:27:10 +0000Dave Maass83242 at https://www.eff.orgAT&T Ditches Tracking Header Program; Verizon Still Refuseshttps://www.eff.org/deeplinks/2014/11/att-ditches-tracking-header-program-verizon-still-refuses
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p dir="ltr">Julia Angwin reported late Thursday that <a href="http://www.propublica.org/article/att-stops-using-undeletable-phone-tracking-ids">AT&amp;T is dropping their tracking supercookie program</a>. This comes in the wake of massive customer pressure over the discovery that AT&amp;T and Verizon were <a href="https://www.eff.org/deeplinks/2014/11/verizon-x-uidh">quietly inserting unique tracking identifiers</a> in their customers' web browsing and app data, by means of an HTTP header. The tracking identifiers quickly became known as "supercookies" because they enable tracking, like cookies, but cannot be removed.</p>
<p dir="ltr">AT&amp;T told Angwin that the header program "has been phased off our network." Security researcher Kenn White, who operates a site to <a href="http://lessonslearned.org/sniff">check whether a carrier inserts the header</a>, partially confirmed the report. White said "<a href="https://twitter.com/kennwhite/status/533118809545007104">it's not zero, but as a relative proportion, down over 90% and falling.</a>" At least <a href="https://twitter.com/stevecheckoway/status/533118225719263232">one person found</a> that AT&amp;T is still sending the header, so it's important that AT&amp;T do a full review of their network to ensure the phase-out is truly complete. Angwin also reports that Verizon is continuing its tracking program. EFF's own tests so far confirm the tracking header is now absent from accounts that were previously subject to header injection.</p>
<p dir="ltr"></p>
<p dir="ltr">
</p><p></p><div class="caption caption-center"><div class="caption-inner"><a href="https://www.eff.org/files/2014/11/14/verizon_and_att_uids_seen_on_lessonslearnedorgsniff_2_0.png"><img src="/files/styles/large/public/2014/11/14/verizon_and_att_uids_seen_on_lessonslearnedorgsniff_2_0.png?itok=Y3mVrtY3" alt="" title="Verizon vs AT&amp;T headers sent over time, showing decline in AT&amp;T header. Chart by Kenn White." class="image-large" width="480" height="209" /></a>Decline in observed AT&amp;T headers. Chart by Kenn White.</div></div>
<p dir="ltr"></p>
<p>This move by AT&amp;T leaves Verizon out in the cold as the only remaining US provider to insert these tracking headers, and shows that concerned customers can produce meaningful change in their carriers' policies. It is also a victory for carrier non-interference with customer data. We call on Verizon to follow AT&amp;T's lead and terminate their tracking header injection program or convert it to a true opt-in, immediately.</p>
<p>There have also been <a href="http://mybroadband.co.za/news/security/113037-vodacom-exposing-your-number-to-every-website-you-visit.html">reports of international mobile providers</a> doing <a href="https://www.reddit.com/r/sweden/comments/2msach/swedish_phone_companies_telenor_universal_leak/">similar tracking header injection</a>. We call on all network providers globally to respect their customers' data and not inject tracking headers.</p>
</div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=AT%26T%20Ditches%20Tracking%20Header%20Program%3B%20Verizon%20Still%20Refuses&amp;url=https%3A//www.eff.org/deeplinks/2014/11/att-ditches-tracking-header-program-verizon-still-refuses&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=AT%26T%20Ditches%20Tracking%20Header%20Program%3B%20Verizon%20Still%20Refuses&amp;u=https%3A//www.eff.org/deeplinks/2014/11/att-ditches-tracking-header-program-verizon-still-refuses" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2014/11/att-ditches-tracking-header-program-verizon-still-refuses" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=AT%26T%20Ditches%20Tracking%20Header%20Program%3B%20Verizon%20Still%20Refuses&amp;url=https%3A//www.eff.org/deeplinks/2014/11/att-ditches-tracking-header-program-verizon-still-refuses" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Fri, 14 Nov 2014 20:12:44 +0000Jacob Hoffman-Andrews83169 at https://www.eff.orgCommentaryAnonymityNet NeutralityInternationalPrivacyVerizon Injecting Perma-Cookies to Track Mobile Customers, Bypassing Privacy Controlshttps://www.eff.org/deeplinks/2014/11/verizon-x-uidh
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>Verizon users might want to start looking for another provider. In an effort to <a href="http://www.adexchanger.com/data-exchanges/can-you-identify-me-now-a-deep-dive-on-verizons-data-practices/">better serve advertisers</a>, Verizon Wireless has been silently modifying its users' web traffic on its network to inject a cookie-like tracker. This tracker, included in an HTTP header called X-UIDH, is sent to every unencrypted website a Verizon customer visits from a mobile device. It allows third-party advertisers and websites to assemble a deep, permanent profile of visitors' web browsing habits without their consent.</p><p>Verizon apparently created this mechanism to expand <a href="http://precisionmarketinsights.com/our-data-products/precisionid/">their advertising programs</a>, but it has privacy implications far beyond those programs. Indeed, while we're concerned about Verizon's own use of the header, we're even more worried about what it allows <em>others </em>to find out about Verizon users. The X-UIDH header effectively reinvents the cookie, but does so in a way that is shockingly insecure and dangerous to your privacy. Worse still, Verizon doesn't let users turn off this "feature." In fact, it functions even if you use a private browsing mode or clear your cookies. You can test whether the header is injected in your traffic by visiting <a href="http://lessonslearned.org/sniff">lessonslearned.org/sniff</a>&nbsp;or <a href="http://www.amibeingtracked.com/">amibeingtracked.com</a>&nbsp;over a cell data connection.</p><h3>How X-UIDH Works, and Why It's a Problem</h3><p>Like a cookie, this header uniquely identifies users to the websites they visit. Verizon adds the header at the network level, between the user's device and the servers with which the user interacts. Unlike a cookie, the header is tied to a data plan, so anyone who browses the web through a hotspot, or shares a computer that uses cellular data, gets the same X-UIDH header as everyone else using that hotspot or computer. That means advertisers may build a profile that reveals private browsing activity to coworkers, friends, or family through targeted advertising.</p><p>Also unlike a cookie, Verizon's header is nearly invisible to the user and can't be seen or changed in the device's browser settings. If a user clears their cookies, the X-UIDH header remains unchanged. Worse, ad networks can immediately assign new cookies and link them to the cleared cookies using the unchanged X-UIDH value. We don't know which data brokers and ad networks are using the header to create behavioral profiles, but <a href="http://codydunne.blogspot.com/2014/10/verizon-wireless-injecting-tracking.html" style="line-height: 20.0063037872314px;">Cory Dunne found</a> at least one GitHub repository contained code to extract the header value, as of October 27. The repository has since been quietly deleted but <a href="https://web.archive.org/web/20141027194059/https://github.com/Funnerator/fast_tim_conf/blob/master/lua/id_set.lua" style="line-height: 20.0063037872314px;">can be viewed at the Internet Archive</a>. Twitter's mobile advertising division also <a href="http://www.propublica.org/article/somebodys-already-using-verizons-id-to-track-users">appears to use the header for ad auctions</a>.</p><p>Besides cookie clearing, the X-UIDH header bypasses several other built-in browser privacy mechanisms. Cookies belong to a single website and aren't shared with other websites. But one unique X-UIDH header value is shared with all unencrypted websites a user visits, making it easier for ad networks to track that user across many sites in a way not possible with cookies alone. Browsers provide Incognito Mode or Private Browsing Mode in order to defeat some kinds of tracking, but the X-UIDH header, since it is injected at the network layer, ignores those modes. Verizon also chooses to ignore <a href="https://www.eff.org/issues/do-not-track">Do Not Track</a>, a setting users enable in their browser to indicate they do not want to be tracked. Similarly, disabling third-party cookies in browser settings does nothing to stop the X-UIDH header.</p><p>To compound the problem, the header also affects more than just web browsers. Mobile apps that send HTTP requests will also have the header inserted. This means that users' behavior in apps can be correlated with their behavior on the web, which would be difficult or impossible without the header. Verizon describes this as a key benefit of using their system. But Verizon bypasses the 'Limit Ad Tracking' settings in iOS and Android that are specifically intended to limit abuse of unique identifiers by mobile apps.</p><p>Because the header is injected at the network level, Verizon can add it to anyone using their towers, even those who aren't Verizon customers. Notably, Verizon appears to inject the X-UIDH header <a href="https://twitter.com/RonnicaZ/status/525786331272998912">even for customers of Straight Talk</a>, a mobile network reseller (known as a MVNO) that uses Verizon's network. Customers of Straight Talk don't necessarily have a relationship with Verizon.</p><p>But according to AdAge, "<a href="http://adage.com/article/digital/verizon-target-mobile-subscribers-ads/293356/">Corporate and government subscribers are excluded from the new marketing solution</a>." We haven't verified (and Verizon refuses to say) whether the header is still sent for those subscribers or not. If they are indeed excepted from the program, that indicates to us that implementing an opt-out is feasible. We're disappointed that Verizon takes some of its users' privacy more seriously than others.</p><h3>Verizon's Claimed Protections</h3><p>Verizon does provide a sort of limited <a href="https://www.verizonwireless.com/myprivacy/">opt-out</a> for individual customers, but it appears that the opt-out does not actually disable the header. Instead, it merely tells Verizon not to share detailed demographic information with advertisers who present a UIDH value. Meaningful protection from tracking by <em>third parties </em>would require Verizon to omit the header entirely.</p><p>According to Verizon, the header value is a <a href="https://security.stackexchange.com/questions/51959/why-are-salted-hashes-more-secure">salted hash</a>, and the hash changes <a href="http://www.propublica.org/article/somebodys-already-using-verizons-id-to-track-users">on an undisclosed frequency</a>. However, it's easy for third-party ad networks to create a continuous profile by associating old and new X-UIDH values through their own identifier cookie<a class="see-footnote" id="footnoteref1_0nlc5xs" title="For instance, suppose an ad network assigned you a cookie with the unique value &quot;cookie1,&quot; and Verizon assigned you the X-UIDH header &quot;old_uid.&quot; When Verizon changes your X-UIDH header to a new value, say &quot;new_uid,&quot; the ad network can connect &quot;new_uid&quot; and &quot;old_uid&quot; to the same cookie value &quot;cookie1&quot; and see that they all three values represent the same person. Similarly, if you subsequently clear cookies, the ad network will assign a new cookie value &quot;cookie2.&quot; Since your X-UIDH value is the same (say, &quot;new_uid&quot;) before and after clearing cookies, the ad network can connect &quot;cookie1&quot; and &quot;cookie2&quot; to the same X-UIDH value &quot;new_uid.&quot; The back-and-forth bootstrapping of identity makes it impossible to truly clear your tracking history while the X-UIDH header is enabled." href="#footnote1_0nlc5xs">1</a>. Verizon has refused to say what identifier they hash to create the identifier, but <a href="http://patents.justia.com/patent/8763101">their recent patent</a> suggests hashing a phone number. If they are indeed hashing phone numbers, it would be a major cryptographic mistake. Phone numbers can easily be deduced from hashes, so sending those hashes to untrusted web sites is practically equivalent to giving them your phone number.</p><p>Besides the ad networks, the unique X-UIDH header is a boon to eavesdroppers. We have seen that the NSA uses similar identifying metadata as 'selectors' to collect all of a single person's Internet activity. They also have been shown to use selectors to choose targets for delivering malware via <a href="http://www.wired.com/2013/11/this-is-how-the-internet-backbone-has-been-turned-into-a-weapon/">QUANTUMINSERT</a> and similar programs. Having all Verizon mobile users' web traffic marked with a persistent, unique identifier makes it trivial for anyone passively eavesdropping on the Internet to associate that traffic with the individual user in a way not possible with IP addresses alone.</p><p>According to Verizon, it <a href="http://www.huffingtonpost.com/2012/10/17/verizon-precision-market-insights_n_1971265.html">began the Precision Market Insights program in 2012</a>, but has consistently refused to provide technical details about how the program worked. The injection of the X-UIDH header went largely unremarked by the technical community until recently because it is so hard to observe. The header is inserted in requests after they leave the phone, so customers cannot detect it using only a phone. In order to detect it, a user needs to run a web server configured to log or echo all HTTP headers, which is very rare.</p><h3>How You Can Protect Yourself</h3><p>Verizon can only modify plaintext traffic. It can't modify encrypted requests without breaking the whole connection. There are four options for encrypting web requests: HTTPS, an encrypted proxy, a VPN, or Tor. Only a VPN or Tor provide full protection in this case.</p><p>The best protection against this specific problem is to use a <a href="https://ssd.eff.org/en/module/choosing-vpn-thats-right-you">VPN</a> that encrypts all requests made from your phone, regardless of whether they were made by an app or a browser. Most VPNs are paid services, and when using a VPN you have to trust the VPN operators the same way you would normally trust your ISP. Advanced users can also use <a href="https://www.torproject.org/">Tor</a> via <a href="https://play.google.com/store/apps/details?id=org.torproject.android&amp;hl=en">Orbot Android app</a> in transparent proxy mode (requires root). Tor is free, but you have to trust exit node operators <a href="http://www.leviathansecurity.com/blog/the-case-of-the-modified-binaries/">not to interfere with your connection</a>. Tor is more appropriate if you are trying to be anonymous.</p><p>The second-best protection is to use an encrypted proxy, which protects browser traffic but not mobile apps. Mobile Chrome provides the '<a href="https://support.google.com/chrome/answer/2392284?hl=en">Reduce data usage</a>' setting, which is reported to prevent the X-UIDH header injection. Unfortunately, this connection is not reliably encrypted, because <a href="https://support.google.com/chrome/answer/3517349?hl=en">an ISP can disable encryption on it at any time</a>.</p><p>HTTPS, which is the best protection for many types of harm, is actually the least powerful protection for this one. The header cannot be injected into an HTTPS request, but since websites choose whether to offer HTTPS, a site that wants to track users can simply avoid HTTPS and get the tracking headers. <a href="https://www.eff.org/deeplinks/2013/11/encrypt-web-report-whos-doing-what">The web needs to become fully encrypted</a>, and these X-UIDH headers provide a strong disincentive for sites and advertisers who wish to track their users to adopt HTTPS. In fact, the <a href="https://www.google.com/patents/US20130273886">AT&amp;T patent</a> on similar headers recommends downgrading (redirecting) secure HTTPS requests to HTTP ones in order to receive the tracking header.</p><h3>What Verizon Should Do</h3><p>Verizon should immediately stop injecting the X-UIDH tracking header into its users' traffic. It is entirely possible to re-design their marketing programs so that the header is only injected for users who explicitly consent to having their Internet connections modified to add tracking information, and to do so in a way that <a href="http://webpolicy.org/2014/10/24/how-verizons-advertising-header-works/">doesn't allow third-party sites to track users across the Internet</a>.</p><p>We're also concerned that Verizon's failure to permit its users to opt out of X-UIDH may be a violation of <a href="http://www.law.cornell.edu/uscode/text/47/222">the federal law</a> that requires phone companies to maintain the confidentiality of their customers' data. Only two months ago, the wireline sector of Verizon's business was hit with a <a href="http://transition.fcc.gov/Daily_Releases/Daily_Business/2014/db0903/DOC-329127A1.pdf">$7.4 million fine</a> by the Federal Communications Commission after it was caught using its "customers' personal information for thousands of marketing campaigns without even giving them the choice to opt out." With this header, it looks like Verizon lets its customers opt out of the marketing side of the program, but not from the disclosure of their browsing habits.</p><p>More generally, Verizon should stop tampering with their customers' Internet traffic without their customers' consent. ISPs like Verizon act as trusted connectors to the world, and shouldn't be modifying our communications on their way to the Internet. People should not be required to subscribe to a VPN and put their trust in a third party in order to get a modicum of privacy on the Internet.</p><p><span style="line-height: 20.0063037872314px;">AT&amp;T has been </span><a href="http://www.forbes.com/sites/kashmirhill/2014/10/28/att-says-its-testing-unkillable-tracker-on-customers-smartphones/" style="line-height: 20.0063037872314px;">reported to be testing a similar header</a><span style="line-height: 20.0063037872314px;">.</span></p>
<ul class="footnotes"><li class="footnote" id="footnote1_0nlc5xs"><a class="footnote-label" href="#footnoteref1_0nlc5xs">1.</a> For instance, suppose an ad network assigned you a cookie with the unique value "cookie1," and Verizon assigned you the X-UIDH header "old_uid." When Verizon changes your X-UIDH header to a new value, say "new_uid," the ad network can connect "new_uid" and "old_uid" to the same cookie value "cookie1" and see that they all three values represent the same person. Similarly, if you subsequently clear cookies, the ad network will assign a new cookie value "cookie2." Since your X-UIDH value is the same (say, "new_uid") before and after clearing cookies, the ad network can connect "cookie1" and "cookie2" to the same X-UIDH value "new_uid." The back-and-forth bootstrapping of identity makes it impossible to truly clear your tracking history while the X-UIDH header is enabled.</li>
</ul>
</div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Verizon%20Injecting%20Perma-Cookies%20to%20Track%20Mobile%20Customers%2C%20Bypassing%20Privacy%20Controls&amp;url=https%3A//www.eff.org/deeplinks/2014/11/verizon-x-uidh&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Verizon%20Injecting%20Perma-Cookies%20to%20Track%20Mobile%20Customers%2C%20Bypassing%20Privacy%20Controls&amp;u=https%3A//www.eff.org/deeplinks/2014/11/verizon-x-uidh" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2014/11/verizon-x-uidh" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Verizon%20Injecting%20Perma-Cookies%20to%20Track%20Mobile%20Customers%2C%20Bypassing%20Privacy%20Controls&amp;url=https%3A//www.eff.org/deeplinks/2014/11/verizon-x-uidh" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Mon, 03 Nov 2014 18:51:03 +0000Jacob Hoffman-Andrews82886 at https://www.eff.orgTechnical AnalysisAnonymityPrivacyDo Not TrackOnline Behavioral TrackingEFF, Internet Archive, and reddit Oppose New York’s BitLicense Proposalhttps://www.eff.org/press/releases/eff-internet-archive-and-reddit-oppose-new-yorks-bitlicense-proposal
<div class="field field-name-field-pr-subhead field-type-text field-label-hidden"><div class="field-items"><div class="field-item even"> Privacy, Economic and Free Speech Flaws in Proposed Bitcoin Regulatory Scheme</div></div></div><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>San Francisco - The Electronic Frontier Foundation (EFF), along with reddit and the Internet Archive, today filed <a href="https://www.eff.org/document/bitlicense-comments-eff-internet-archive-and-reddit">formal comments </a>with the New York State Department of Financial Services opposing the state's proposed regulations for digital currencies such as Bitcoin. In the letter, EFF argues that on top of damaging privacy and harming innovation, New York's "BitLicense" regulatory scheme also risks infringing on First Amendment rights to freedom of expression and association.</p>
<p>The State of New York is currently considering BitLicense, <a href="http://www.dfs.ny.gov/about/press2014/pr1407171-vc.pdf">a sprawling regulatory framework</a> that would mandate licenses for a wide range of companies in the digital currency space. The regulations would force applicants to submit significant personal information to the state, including fingerprints and head-shot photographs. The policy would also require these companies to maintain detailed records about all transactions for 10 years, including identity data of users.</p>
<p>"Digital currencies such as Bitcoin strengthen privacy and are resistant to censorship," EFF Activism Director Rainey Reitman said. "We should consider this a feature, not a bug; it's an innovative way of importing some of the civil liberties protections we already enjoy offline into the digital world."</p>
<p>EFF notes that digital currency protocols are used for more than just payments—they have expressive and associational uses, too. Bitcoin-like systems are used for organizing and engaging with groups or communities. In addition, Bitcoin block chains frequently contain political speech, such as famous quotes and portraits of prominent historical figures. As currently written, EFF argues, the BitLicense regulations place an unacceptable burden on free speech and association.</p>
<p>"The courts have long recognized that code is speech protected by the First Amendment," EFF Special Counsel Marcia Hofmann said. "At their core, digital currency protocols are code. Attempts to regulate code must include robust protections to ensure constitutionally protected speech is not stifled, and the BitLicense proposal would undermine those First Amendment principles."</p>
<p>On Oct. 15, EFF launched an <a href="https://act.eff.org/action/stop-the-bitlicense">online activism campaign</a> encouraging Internet users to oppose the BitLicense proposal by submitting comments to the New York State Department of Financial Services.</p>
<p>For the text of EFF's comments:<br /><a href="https://www.eff.org/document/bitlicense-comments-eff-internet-archive-and-reddit">https://www.eff.org/document/bitlicense-comments-eff-internet-archive-and-reddit</a></p>
<p>For EFF's activism campaign:<br /><a href="https://www.eff.org/deeplinks/2014/10/beware-bitlicense-new-yorks-virtual-currency-regulations-invade-privacy-and-hamper">https://www.eff.org/deeplinks/2014/10/beware-bitlicense-new-yorks-virtual-currency-regulations-invade-privacy-and-hamper</a></p>
<h3>Contact:</h3>
<p>Rainey Reitman<br />
Activism Director<br />
Electronic Frontier Foundation<br />
<a href="mailto:rainey@eff.org">rainey@eff.org</a></p>
</div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=EFF%2C%20Internet%20Archive%2C%20and%20reddit%20Oppose%20New%20York%E2%80%99s%20BitLicense%20Proposal&amp;url=https%3A//www.eff.org/press/releases/eff-internet-archive-and-reddit-oppose-new-yorks-bitlicense-proposal&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=EFF%2C%20Internet%20Archive%2C%20and%20reddit%20Oppose%20New%20York%E2%80%99s%20BitLicense%20Proposal&amp;u=https%3A//www.eff.org/press/releases/eff-internet-archive-and-reddit-oppose-new-yorks-bitlicense-proposal" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/press/releases/eff-internet-archive-and-reddit-oppose-new-yorks-bitlicense-proposal" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=EFF%2C%20Internet%20Archive%2C%20and%20reddit%20Oppose%20New%20York%E2%80%99s%20BitLicense%20Proposal&amp;url=https%3A//www.eff.org/press/releases/eff-internet-archive-and-reddit-oppose-new-yorks-bitlicense-proposal" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Tue, 21 Oct 2014 21:18:31 +0000Dave Maass82791 at https://www.eff.orgDear Facebook: Sorry is a Start. Now Let's See Solutions.https://www.eff.org/deeplinks/2014/10/dear-facebook-sorry-start-now-lets-see-solutions
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>When it comes to Facebook’s real names policy, it’s really clear—something needs to change. Over the last few weeks, <a href="https://www.eff.org/files/2014/10/01/openlettertofacebookregardingrealnamepolicy_0.pdf">we’ve joined </a>dozens of advocates in saying so. And in a meeting with LGBTQ and digital rights advocates, Facebook agreed. Of course, admitting there’s a problem is always the first step towards a solution. But what’s not clear is what that solution will be.</p>
<p>EFF continues to believe that the best solution is simply to <a href="https://www.eff.org/deeplinks/2011/07/case-pseudonyms">get rid of</a> the "real names” policy entirely. But barring that, Facebook needs to find a solution that takes into account the <a href="http://geekfeminism.wikia.com/wiki/Who_is_harmed_by_a_%22Real_Names%22_policy%3F">myriad groups</a> of people affected by Facebook’s faulty policy, from undocumented immigrants, to activists in oppressive regimes, to survivors of domestic violence.</p>
<p>Facebook’s Chief Product Officer, Chris Cox, posted a <a href="https://www.facebook.com/chris.cox/posts/10101301777354543">statement </a>[if you don’t have a Facebook account, <a href="https://www.eff.org/files/2014/10/01/text.chris_.cox_.statement.pdf">click here</a> to read the text of the statement] on Facebook in which he apologized to “members of the LGBT community for the hardship that we've put you through in dealing with your Facebook accounts over the past few weeks.”</p>
<p>With regards to the policy, and solutions moving forward, he states:</p>
<blockquote><p>Our policy has never been to require everyone on Facebook to use their legal name. The spirit of our policy is that everyone on Facebook uses the authentic name they use in real life….[W]e're already underway building better tools for authenticating the Sister Romas of the world while not opening up Facebook to bad actors. And we're taking measures to provide much more deliberate customer service to those accounts that get flagged so that we can manage these in a less abrupt and more thoughtful way.</p></blockquote>
<p>We’re encouraged by Facebook’s commitment to continue to work on this issue. There’s no question that the way Facebook’s system is implemented now is <a href="http://www.sfbg.com/2014/09/23/privacy-identity-and-facebook?page=0%2C0">incredibly flawed</a> and ripe for misuse. The enforcement mechanism has allowed abusive users to recreate the very online bullying the policy is supposed to prevent by going on reporting sprees. And when accounts like Sister Roma’s are suspended, users have had no recourse.</p>
<p>While getting rid of the policy altogether would be a better move, and easier to implement, if Facebook is really committed to prohibiting anonymity on the site, there is a lot of room for improvement when it comes to the way any names policy is enforced. Account suspensions shouldn’t be virtually automatic. There must be mechanisms in place that allow real review of accounts, so that they don’t ever get to the checkpoint that asks for an ID in the first place. Additionally, reporting sprees like the one that targeted the trans community last month should be treated as abusive behavior. But most importantly, Facebook’s standards and enforcement team should be focused on bad behavior, not names.</p>
<p>But Facebook hasn’t addressed the real problem here: the company will not stop requiring verification of names. And that means that, unless Facebook can commit to an extraordinary level of review when accounts are reported, trans people who don’t have an ID with their real name (as opposed to their legal name) will continue to have their accounts suspended. Activists using pseudonyms, even pseudonyms they might use in all of their political activity, will have their accounts suspended. Undocumented immigrants, who may not have any form of identification at all or may feel uncomfortable providing it, will have their accounts suspended.</p>
<p>Facebook’s proposed solutions don’t really get to the heart of the problem: the real names policy itself.</p>
<p>And it’s also problematic that Cox stated both that Facebook’s policy has never been to require legal names and that the real names policy has only now become a problem.</p>
<p>Facebook’s publicly available <a href="https://www.facebook.com/help/112146705538576">policies</a> state: “The name you use should be your real name as it would be listed on your credit card, driver's license or student ID.” While the words “legal name” aren’t here, the forms of ID listed in the policy will, in almost every case, match the ID on a birth certificate. If that’s not what Facebook means, it needs to change the language of its policies right now. Facebook also needs to be clear that it will treat reporting sprees—both the individual accounts that engage in them, as well as groups formed to encourage them—as abusive.</p>
<p>What’s more, this is hardly <a href="https://www.eff.org/deeplinks/2011/12/2011-review-nymwars">the first time</a> Facebook has <a href="http://www.cnet.com/news/amid-unrest-a-hard-new-look-at-online-anonymity/">been confronted</a> with its policy's problems. EFF and other digital rights organizations such as ACCESS have been pointing to problems with Facebook’s policy for years. And <a href="http://jilliancyork.com/2010/04/08/on-facebook-deactivations/">over four years ago</a> EFF’s Director for International Freedom of Expression Jillian York wrote about a spree of account suspensions focused on activists including accounts critical of Islam, “gay rights activists, Jewish activists, activists for a free Palestine, and activists against the Venezuelan regime (among others).” In fact, it turns out “a group was created on Facebook (in Arabic) for the sole purpose of reporting, and thus having removed, Facebook profiles of atheist Arabs.” So it’s disingenuous for Facebook to say that this only now has become a problem.</p>
<p>With all of those caveats, we do believe that Facebook’s decision to apologize and commit to working on solutions is a positive sign. We will continue to work towards solutions that help Facebook users now, while pushing for an end to the real names policy in the long term.</p>
</div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Dear%20Facebook%3A%20Sorry%20is%20a%20Start.%20Now%20Let%27s%20See%20Solutions.&amp;url=https%3A//www.eff.org/deeplinks/2014/10/dear-facebook-sorry-start-now-lets-see-solutions&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Dear%20Facebook%3A%20Sorry%20is%20a%20Start.%20Now%20Let%27s%20See%20Solutions.&amp;u=https%3A//www.eff.org/deeplinks/2014/10/dear-facebook-sorry-start-now-lets-see-solutions" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2014/10/dear-facebook-sorry-start-now-lets-see-solutions" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Dear%20Facebook%3A%20Sorry%20is%20a%20Start.%20Now%20Let%27s%20See%20Solutions.&amp;url=https%3A//www.eff.org/deeplinks/2014/10/dear-facebook-sorry-start-now-lets-see-solutions" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Thu, 02 Oct 2014 00:17:03 +0000Dia Kayyali82504 at https://www.eff.orgFree SpeechAnonymityNine Epic Failures of Regulating Cryptographyhttps://www.eff.org/deeplinks/2014/09/nine-epic-failures-regulating-cryptography
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p><b>Update 9/26/14:</b> Recently Apple has <a href="https://www.apple.com/privacy/government-information-requests/">announced</a> that it is providing basic encryption on mobile devices that they cannot bypass, even in response to a request from law enforcement. Google has promised to take similar steps in the near future. Predictably, law enforcement has responded with <a href="http://www.washingtonpost.com/news/volokh-conspiracy/wp/2014/09/22/apples-dangerous-game-part-3-where-do-you-draw-the-line-and-whats-the-privacy-tradeoff/">howls of alarm</a>.</p>
<p>We've seen this movie before. Below is a slightly adapted blog post from one we posted in 2010, the last time the FBI was seriously hinting that it was going to try to mandate that all communications systems be easily wiretappable by mandating "back doors" into any encryption systems. We marshaled eight "epic failures" of regulating crypto at that time, all of which are still salient today. And in honor of the current debate, we've added a ninth.</p>
<blockquote><p><em>They can promise strong encryption. They just need to figure out how they can provide us plain text.</em> - FBI General Counsel Valerie Caproni, September 27, 2010</p></blockquote>
<blockquote><p><em>[W]e're in favor of strong encryption, robust encryption. The country needs it, industry needs it. We just want to make sure we have a trap door and key under some judge's authority where we can get there if somebody is planning a crime.</em> - FBI Director Louis Freeh, May 11, 1995</p></blockquote>
<p>If the government howls of protest at the idea that people will be using encryption sound familiar, it's because regulating and controlling consumer use of encryption was a monstrous proposal officially <a href="https://secure.wikimedia.org/wikipedia/en/wiki/Crypto:_How_the_Code_Rebels_Beat_the_Government—Saving_Privacy_in_the_Digital_Age">declared dead</a> in 2001 after threatening Americans' privacy, free speech rights, and innovation for nearly a decade. But like a zombie, it's now rising from the grave, bringing the same disastrous flaws with it.</p>
<p>For those who weren't following digital civil liberties issues in 1995, or for those who have forgotten, here's a refresher list of why forcing companies to break their own privacy and security measures by installing a back door was a bad idea 15 years ago:</p>
<ol><li><strong>It will create security risks.</strong> Don't take our word for it. Computer security expert Steven Bellovin <a href="http://www.cs.columbia.edu/~smb/blog//2010-10/2010-10-16.html">has explained</a> some of the problems. First, it's hard to secure communications properly even between two parties. Cryptography with a back door adds a third party, requiring a more complex protocol, and as Bellovin puts it: "Many previous attempts to add such features have resulted in new, easily exploited security flaws rather than better law enforcement access." It doesn't end there. Bellovin notes:<br /><blockquote><p>Complexity in the protocols isn't the only problem; protocols require computer programs to implement them, and more complex code generally creates more exploitable bugs. In the most notorious incident of this type, a cell phone switch in Greece was hacked by an unknown party. The so-called 'lawful intercept' mechanisms in the switch — that is, the features designed to permit the police to wiretap calls easily — was abused by the attacker to monitor at least a hundred cell phones, up to and including the prime minister's. This attack would not have been possible if the vendor hadn't written the lawful intercept code.</p></blockquote>
<p>More recently, as security researcher Susan Landau <a href="http://www.huffingtonpost.com/susan-landau/moving-rapidly-backwards-_b_760667.html">explains</a>, "an IBM researcher found that a Cisco wiretapping architecture designed to accommodate law-enforcement requirements — a system already in use by major carriers — had numerous <a href="http://www.blackhat.com/html/bh-dc-10/bh-dc-10-archives.html#Cross">security holes</a> in its design. This would have made it easy to break into the communications network and surreptitiously wiretap private communications."</p>
<p>The same is true for Google, which had <a href="http://www.cnn.com/2010/OPINION/01/23/schneier.google.hacking/index.html">its "compliance" technologies hacked by China</a>.</p>
<p>This isn't just a problem for you and me and millions of companies that need secure communications. What will the government itself use for secure communications? The FBI and other government agencies currently use many commercial products — the same ones they want to force to have a back door. How will the FBI stop people from un-backdooring their deployments? Or does the government plan to stop using commercial communications technologies altogether?</p></li>
<li><strong>It won't stop the bad guys.</strong> Users who want strong encryption will be able to get it — from Germany, Finland, Israel, and many other places in the world where it's offered for sale and for free. In 1996, the National Research Council did a study called <a href="http://www.nap.edu/openbook.php?record_id=5131">"Cryptography's Role in Securing the Information Society,"</a> nicknamed CRISIS. Here's what they said:<br /><blockquote><p>Products using unescrowed encryption are in use today by millions of users, and such products are available from many difficult-to-censor Internet sites abroad. Users could pre-encrypt their data, using whatever means were available, before their data were accepted by an escrowed encryption device or system. Users could store their data on remote computers, accessible through the click of a mouse but otherwise unknown to anyone but the data owner, such practices could occur quite legally even with a ban on the use of unescrowed encryption. Knowledge of strong encryption techniques is available from official U.S. government publications and other sources worldwide, and experts understanding how to use such knowledge might well be in high demand from criminal elements. — CRISIS Report at 303</p></blockquote>
<p>None of that has changed. And of course, more encryption technology is more readily available today than it was in 1996. So unless the goverment wants to mandate that you are forbidden to run anything that is not U.S. government approved on your devices, they won't stop bad guys from getting access to strong encryption.</p></li>
<li><strong>It will harm innovation.</strong> In order to ensure that no "untappable" technology exists, we'll likely see a technology mandate and a draconian regulatory framework. The implications of this for America's leadership in innovation are dire. Could Mark Zuckerberg have built Facebook in his dorm room if he'd had to build in surveillance capabilities before launch in order to avoid government fines? Would Skype have ever happened if it had been forced to include an artificial bottleneck to allow government easy access to all of your peer-to-peer communications? This has especially serious implications for the open source community and small innovators. Some open source developers have <a href="http://tahoe-lafs.org/pipermail/tahoe-dev/2010-October/005353.html">already taken a stand</a> against building back doors into software.</li>
<li><strong>It will harm US business.</strong> If, thanks to this proposal, US businesses cannot innovate and cannot offer truly secure products, we're just handing business over to foreign companies who don't have such limitations. Nokia, Siemens, and Ericsson would all be happy to take a heaping share of the communications technology business from US companies. And it's not just telecom carriers and VOIP providers at risk. Many game consoles that people can use to play over the Internet, such as the Xbox, allow gamers to chat with each other while they play. They'd have to be tappable, too.</li>
<li><strong>It will cost consumers.</strong> Any additional mandates on service providers will require them to spend millions of dollars making their technologies compliant with the new rules. And there's no real question about who will foot the bill: the providers will pass those costs onto their customers. (And of course, if the government were to pay for it, they would be using taxpayer dollars.)</li>
<li><strong>It will be unconstitutional.</strong> Of course, we wouldn't be EFF if we didn't point out the myriad constitutional problems. The details of how a cryptography regulation or mandate will be unconstitutional may vary, but there are serious problems with nearly every iteration of a "no encryption allowed" proposal that we've seen so far. Some likely problems:
<ul><li>The First Amendment would likely be <a href="http://osaka.law.miami.edu/~froomkin/articles/clipper.htm">violated</a> by a ban on all fully encrypted speech.</li>
<li>The First Amendment would likely not allow a ban of any software that can allow untappable secrecy. Software is speech, after all, and this is one of the key ways <a href="http://www.eff.org/cases/bernstein-v-us-dept-justice">we defeated this bad idea last time</a>.</li>
<li>The Fourth Amendment would not allow requiring disclosure of a key to the backdoor into our houses so the government can read our "papers" in advance of a showing of probable cause, and our digital communications shouldn't be treated any differently.</li>
<li>The Fifth Amendment would be implicated by required disclosure of a private papers and the forced utterance of incriminating testimony.</li>
<li>Right to privacy. Both the right to be left alone and informational privacy rights would be implicated.</li>
</ul></li>
<li><strong>It will be a huge outlay of tax dollars.</strong> As noted below, wiretapping is still a relatively rare tool of government (at least for the FBI in domestic investigations -- the NSA is another matter as we now all know). Yet the extra tax dollars needed to create a huge regulatory infrastructure staffed with government bureaucrats who can enforce the mandates will be very high. So, the taxpayers would end up paying for more expensive technology, higher taxes, and lost privacy, all for the relatively rare chance that motivated criminals will act "in the clear" by not using encryption readily available from a German or Israeli company or for free online.</li>
<li><strong>The government hasn't shown that encryption is a problem.</strong> How many investigations have been thwarted or significantly harmed by encryption that could not be broken? In 2009, the government reported only one instance of encryption that they needed to break out of 2,376 court-approved wiretaps, and it ultimately <a href="http://www.wired.com/threatlevel/2010/09/fbi-backdoors/">didn't prevent investigators from obtaining the communications they were after</a>.This truth was made manifest in a recent <a href="http://www.washingtonpost.com/posteverything/wp/2014/09/23/i-helped-save-a-kidnapped-man-from-murder-with-apples-new-encryption-rules-we-never-wouldve-found-him/">Washington Post</a> article written by an ex-FBI agent. While he came up with a scary kidnapping story to start his screed, device encryption simply had nothing to do with the investigation. The case involved an ordinary wiretap. In 2010, the New York Times reported that the government officials pushing for this have only come up with a few examples (and it's not clear that all of the examples actually involve encryption) and no real facts that would allow independent investigation or confirmation. More examples will undoubtedly surface in the FBI's PR campaign, but we'll be watching closely to see if underneath all the scary hype there's actually a real problem demanding this expensive, intrusive solution.</li>
<li><strong>Mobile devices are just catching up with laptops and other devices. </strong>Disk encryption just isn't that new. Laptops and desktop computers have long had disk encryption features that the manufacturers have absolutely no way to unlock. Even for simple screen locks with a user password, the device maker or software developer doesn't automatically know your password or have a way to bypass it or unlock the screen remotely. Although many law enforcement folks don't really like disk encryption on laptops and have never really liked it, and we understand that some lobbied against it in private, we haven't typically heard them suggest in public that it was somehow improper for these vendors not to have a backdoor to their security measures. That makes us think that the difference here is really just that some law enforcement folks think that phones are just too popular and too useful to have strong security. But strong security is something we all should have. The idea that basic data security is just a niche product and that ordinary people don't deserve it is, frankly, insulting. Ordinary people deserve security just as much as elite hackers, sophisticated criminals, cops and government agents, all of whom have ready access to locks for their data. </li>
</ol><p>The real issue with encryption may simply be that the FBI has to use more resources when they encounter it than when they don't. Indeed, Bellovin argues: "Time has also shown that the government has almost always managed to go around encryption." (One circumvention that's worked before: <a href="http://news.cnet.com/8301-10784_3-9741357-7.html">keyloggers</a>.) But if the FBI's burden is the real issue here, then the words of the CRISIS Report are even truer today than they were in 1996:</p>
<blockquote><p>It is true that the spread of encryption technologies will add to the burden of those in government who are charged with carrying out certain law enforcement and intelligence activities. But the many benefits to society of widespread commercial and private use of cryptography outweigh the disadvantages.</p></blockquote>
<p>The mere fact that law enforcement's job may become a bit more difficult is not a sufficient reason for undermining the privacy and security of hundreds of millions of innocent people around the world who will be helped by mobile disk encryption. Or as Chief Justice of John Roberts <a href="http://www.supremecourt.gov/opinions/13pdf/13-132_8l9c.pdf">recently observed </a>in another case rejecting law enforcement's broad demands for access to the information available on our mobile phones: "Privacy comes at a cost."</p>
</div></div></div><div class="field field-name-field-related-cases field-type-node-reference field-label-above"><div class="field-label">Related Cases:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/cases/bernstein-v-us-dept-justice">Bernstein v. US Department of Justice</a></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Nine%20Epic%20Failures%20of%20Regulating%20Cryptography&amp;url=https%3A//www.eff.org/deeplinks/2014/09/nine-epic-failures-regulating-cryptography&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Nine%20Epic%20Failures%20of%20Regulating%20Cryptography&amp;u=https%3A//www.eff.org/deeplinks/2014/09/nine-epic-failures-regulating-cryptography" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2014/09/nine-epic-failures-regulating-cryptography" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Nine%20Epic%20Failures%20of%20Regulating%20Cryptography&amp;url=https%3A//www.eff.org/deeplinks/2014/09/nine-epic-failures-regulating-cryptography" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Fri, 26 Sep 2014 21:40:38 +0000Cindy Cohn82453 at https://www.eff.orgCommentaryFree SpeechAnonymityExport ControlsInnovationPrivacyCALEAFacebook's 'Real Name' Policy Can Cause Real-World Harm for the LGBTQ Communityhttps://www.eff.org/deeplinks/2014/09/facebooks-real-name-policy-can-cause-real-world-harm-lgbtq-community
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p><img src="/files/2014/02/10/rainbow-eff.png" class="align-right" height="250" width="300" /></p>
<p dir="ltr">There are <a href="https://www.eff.org/deeplinks/2011/07/case-pseudonyms">myriad reasons </a>why individuals may wish to use a name other than that which they were born with. For some, these reasons could mean life or death—for example, political dissidents voicing unpopular opinions in places like Syria or <a href="http://www.theverge.com/2014/9/2/6083647/facebook-s-report-abuse-button-has-become-a-tool-of-global-oppression">Vietnam</a>, or people trying to get away from abusers—while for others, it may still very much be a matter of safety and security. Pseudonyms can enable people to access information, social services, and gain entry to communities while maintaining safety. This is especially true online, where individuals from distributed or marginalized groups can find community, spread awareness of issues they face, and seek information. LGBTQ individuals number among those who rely heavily on the Internet.</p>
<p>That’s why EFF was alarmed to hear that Facebook’s ‘real name’ policy is disproportionately affecting the LGBTQ community—in particular drag queens. Last week, the Daily Dot <a href="http://www.dailydot.com/lifestyle/facebook-demands-drag-queens-change-names/">reported</a> that Facebook was blocking drag performers from using their assumed, or stage names, rather than their legal ones. Tech journalist Violet Blue also <a href="http://www.zdnet.com/facebook-nymwars-disproportionately-outing-lgbt-performers-users-furious-7000033607/">reported on the situation</a>, stating that Facebook was enforcing its <a href="https://www.facebook.com/help/112146705538576">‘real names’ policy</a>, “insidiously outing a disproportionate number of gay, trans and adult performers” and placing them at risk for attacks and harassment.</p>
<p>EFF has long advocated against ‘real names’ policies, <a href="https://www.eff.org/deeplinks/2011/12/2011-review-nymwars">arguing in particular</a> that the way these policies are enforced subjects the most vulnerable populations (that is, people with enemies or unpopular opinions) to the most risk because of the ease with which another user can report them and thus have their account suspended. When a user is reported for using a ‘fake’ name, Facebook will prompt the user to submit their official identification. For pseudonymous users, this is impossible; it also comes with other privacy risks.</p>
<p>While Google Plus gave up their ‘real names’ policy, first <a href="https://www.eff.org/deeplinks/2011/10/victory-google-surrenders-nymwars">allowing certain exceptions</a> then <a href="http://www.cbc.ca/news/technology/google-plus-stops-requiring-real-names-and-apologizes-1.2708630">abandoning the policy altogether</a>, Facebook has remained steadfast, despite scant evidence that the policy comes with claimed benefits such as a greater level of “civility” (and <a href="http://www.poynter.org/latest-news/mediawire/159078/people-using-pseudonyms-post-the-most-highest-quality-comments-disqus-says/">some evidence</a> to the contrary).</p>
<p>And while Facebook maintains that this policy applies to every user on their site, in a report from <a href="http://www.slate.com/blogs/outward/2014/09/12/facebook_vs_drag_queens_why_is_facebook_cracking_down_on_drag_names.html">Slate</a> Facebook acknowledged that profile pages are typically only reviewed when “a member of the Facebook community reports it to us,” noting that “in these instances [suspensions of drag queens' accounts], the profiles would have been reported to us.” Assuming that Facebook’s account of the situation is accurate, this would mean that someone (or a group of people) is intentionally targeting drag performers. For non-gender conforming individuals, who are disproportionately attacked offline as well (in June alone, four <a href="http://www.advocate.com/politics/transgender/2014/06/30/fourth-trans-woman-color-murdered-june">trans women were murdered</a>), the effects are particularly dangerous. </p>
<p>One of the loudest voices speaking out against Facebook’s policy is Sister Roma, who belongs to the <a href="http://www.thesisters.org/">Sisters of Perpetual Indulgence</a>, a group that was borne out of political protest. Her identity is not an isolated performance; it’s the very definition of free expression. The Sisters’ work includes “community service, ministry and outreach to those on the edges, and promoting human rights, respect for diversity and spiritual enlightenment.”</p>
<p>For members of this community, the consequences of bad online policy are real. Sister Roma has <a href="http://sfist.com/2014/09/11/drag_queens_other_performers_outrag.php">stated</a> that she doesn’t want employers or stalkers to be able to find her. Fortunately, and despite the personal risks, she lives in a state that provides legal protections against discrimination based on gender identity and sexual preference; many drag performers don’t, and could very well lose jobs as a result of being “outed” with their drag personas.</p>
<p>More disturbingly, drag performers and others in the LGBTQ community—especially transgender people—often face violent harassment, online and off. Being able to connect a legal name with an online LGBTQ identity makes it much easier for not just stalkers and harassers, but dangerous abusers, to find people offline. And the loss of ability to identify using one’s chosen identity makes it more likely that an individual will simply leave social media, thereby losing an essential source of community and information. As drag performer Olivia LaGrace <a href="http://www.independent.co.uk/news/facebooks-name-policy-angers-drag-queens-9731904.html">explains</a>:</p>
<blockquote><p dir="ltr">Victims of abuse, trans people, queer people who are not able to be safely "out," and performers alike need to be able to socialize, connect, and build communities on social media safely. By forcing us to use our "real" names, it opens the door to harassment, abuse, and violence.</p>
</blockquote>
<p>While Facebook offers other ways for individuals to use the service without exposing their ‘real name’—such as creating a Page—many claim that those options fall short. <del>A fan page cannot receive messages, for example</del>. Only certain types of pages can receive messages (to find out how, <a href="https://www.facebook.com/help/141912559245350#Where-can-I-view-my-Page's-messages">click here</a>). According to <a href="http://sfist.com/2014/09/11/drag_queens_other_performers_outrag.php">SFist</a>, another option (for performers, anyway) might be to register a DBA, or “Doing Business As” name with the <a href="http://www.sba.gov/content/register-your-fictitious-or-doing-business-dba-name">Small Business Administration</a> that can be presented to Facebook if one’s name is challenged.</p>
<p dir="ltr">These workarounds are inherently unfair to individuals whose desire for relative anonymity is a matter of safety or identity, and useless for those who merely desire to use a pseudonym. While Facebook has <a href="http://www.sfbg.com/pixel_vision/2014/09/14/drag-queens-plan-protest-facebook-over-name-change-policy">agreed to meet</a> with community members and San Francisco Supervisor David Campos after extensive media attention, the company's reaction so far has left much to be desired. And unfortunately, if Facebook doesn't change the policy, some users will be left with very few options.</p>
</div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Facebook%27s%20%27Real%20Name%27%20Policy%20Can%20Cause%20Real-World%20Harm%20for%20the%20LGBTQ%20Community&amp;url=https%3A//www.eff.org/deeplinks/2014/09/facebooks-real-name-policy-can-cause-real-world-harm-lgbtq-community&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Facebook%27s%20%27Real%20Name%27%20Policy%20Can%20Cause%20Real-World%20Harm%20for%20the%20LGBTQ%20Community&amp;u=https%3A//www.eff.org/deeplinks/2014/09/facebooks-real-name-policy-can-cause-real-world-harm-lgbtq-community" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2014/09/facebooks-real-name-policy-can-cause-real-world-harm-lgbtq-community" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Facebook%27s%20%27Real%20Name%27%20Policy%20Can%20Cause%20Real-World%20Harm%20for%20the%20LGBTQ%20Community&amp;url=https%3A//www.eff.org/deeplinks/2014/09/facebooks-real-name-policy-can-cause-real-world-harm-lgbtq-community" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Tue, 16 Sep 2014 12:05:56 +0000Jillian York and Dia Kayyali82267 at https://www.eff.orgFree SpeechAnonymitySocial NetworksComcast Denies Allegations of Tor Crackdown: Users Should Continue to Report any Non-Neutral Activity https://www.eff.org/deeplinks/2014/09/comcast-denies-allegations-tor-crackdown-users-should-continue-report-any-non
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p><a href="https://eff.org/torchallenge/"><img src="/files/2014/08/04/tor.png" alt="" class="image-right" height="192" width="177" /></a>Over the weekend <a href="http://www.deepdotweb.com/2014/09/13/comcast-declares-war-tor/">accusations</a> surfaced that Comcast has been threatening Tor users with termination of service. According to reports, Comcast subscribers claimed that agents from the company instructed subscribers that use of the highly popular Tor browser was “illegal” and against the giant ISP’s user policies. And let’s get one thing straight right now: Tor isn’t illegal. In fact, the Tor browser is used by academics, activists, regular Internet users, and even law enforcement.</p>
<p>If these accusations were true, then Comcast would not only be acting contrary to the principles of net neutrality, but would also potentially infringe on millions of users’ legitimate need to use the Internet without disclosing their IP address.</p>
<p>Comcast doesn’t have the best record when it comes to modifying, throttling, and even blocking its users’ traffic. For instance, in 2007 the company was caught <a href="https://www.eff.org/wp/packet-forgery-isps-report-comcast-affair">throttling encrypted traffic</a> from peer-to-peer file sharing sites including BitTorrent, sparking net neutrality conversations that lead to FCC rules back in 2010. And to be clear, the company <a href="https://www.eff.org/deeplinks/2007/09/comcast-and-bittorrent">issued a denial</a> when those accusations surfaced, despite the fact that they were actually engaging in the censorious behavior.</p>
<p>The <a href="https://torproject.org/">Tor Project</a> offers a web browser that allows anyone to use the Internet while obfuscating the location of the user, and keeping traffic encrypted and secure en route, thus enabling a level of anonymity. Tor is highly popular in countries with pervasive Internet censorship and surveillance, allowing users to circumvent government firewalls while hiding the origin of their traffic.</p>
<p>What’s more, the browser is a staple for journalists, activists, people in witness protection programs, and everyday users who are safer and more confident online with the level of anonymity Tor provides. In fact, at EFF <a href="https://www.eff.org/deeplinks/2014/06/why-you-should-use-tor">we encourage the use of Tor</a> and hope that people <a href="https://eff.org/torchallenge">continue to set up relays</a> to help make the network more robust.</p>
<p>This morning Comcast <a href="http://corporate.comcast.com/comcast-voices/setting-the-record-straight-on-tor">issued a statement</a> denying that the ISP is blocking Tor and denying that there is any record of exchanges between Comcast and Tor users. The Vice President went as far as to say that he also uses Tor at times, adding, “Comcast doesn’t monitor our customer’s browser software, web surfing or online history.”</p>
<p>But considering the fact that Comcast hasn’t always been completely transparent about its network practices, we still invite Internet users to contact us if they’ve been discouraged from using Tor by any Internet service provider. To do so, please email <a href="mailto:info@eff.org">info@eff.org</a> to share your story.</p>
<p>It’s also worth noting that today is the final day that the FCC is accepting public comments in the net neutrality proceeding. Please join us in calling on the FCC to enact meaningful net neutrality rules that would prohibit this kind of alleged discrimination against privacy-enhancing technology in the future. Visit <a href="https://www.dearfcc.org/">DearFCC.org</a> right now to make your voice heard.</p>
<p></p><center><a href="https://www.dearfcc.org/"><img class="image-center" src="/files/action-1c-2_0.png" alt="" height="41" width="170" /></a></center>
</div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Comcast%20Denies%20Allegations%20of%20Tor%20Crackdown%3A%20Users%20Should%20Continue%20to%20Report%20any%20Non-Neutral%20Activity%20%20%20&amp;url=https%3A//www.eff.org/deeplinks/2014/09/comcast-denies-allegations-tor-crackdown-users-should-continue-report-any-non&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Comcast%20Denies%20Allegations%20of%20Tor%20Crackdown%3A%20Users%20Should%20Continue%20to%20Report%20any%20Non-Neutral%20Activity%20%20%20&amp;u=https%3A//www.eff.org/deeplinks/2014/09/comcast-denies-allegations-tor-crackdown-users-should-continue-report-any-non" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2014/09/comcast-denies-allegations-tor-crackdown-users-should-continue-report-any-non" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Comcast%20Denies%20Allegations%20of%20Tor%20Crackdown%3A%20Users%20Should%20Continue%20to%20Report%20any%20Non-Neutral%20Activity%20%20%20&amp;url=https%3A//www.eff.org/deeplinks/2014/09/comcast-denies-allegations-tor-crackdown-users-should-continue-report-any-non" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Mon, 15 Sep 2014 19:34:32 +0000April Glaser82232 at https://www.eff.orgFree SpeechAnonymityNet NeutralityTop 20 Cosplay Activists from Project Secret Identity at Dragon Conhttps://www.eff.org/deeplinks/2014/09/top-20-project-secret-identity-cosplay-images-project-secret-identity
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>Over Labor Day weekend, more than 75 cosplayers at Dragon Con became Internet freedom heroes for real, using their fantastic costumes to highlight how anonymity and privacy are crucial to free expression.</p>
<p>It was all part of Project Secret Identity, <a href="https://www.eff.org/press/releases/cosplayers-fight-online-anonymity-and-privacy-during-dragon-con">a cross-fandom activism campaign</a> organized by EFF, <a href="http://io9.com/check-out-the-best-dragon-con-cosplayers-fighting-for-o-1629291484">io9</a>, the <a href="http://www.southeasternbrowncoats.com/southeasternbrowncoats.com/Home.html">Southeastern Browncoats</a>, the <a href="http://thehpalliance.org/">Harry Potter Alliance</a>, the <a href="http://bakerstreetbabes.com/">Baker Street Babes</a>, <a href="http://blog.wattpad.com/we-support-your-secret-identity/">Wattpad</a> and the <a href="http://transformativeworks.org/news/otw-joins-project-secret-identity">Organization for Transformative Works</a>. Even avatars from virtual worlds <a href="http://worlds.ninja/dragoncon-vr-edition/">organized</a> a <a href="https://secure.flickr.com/photos/vaneeesab/sets/72157647119902482/">march</a> online in solidarity.</p>
<p>Choosing just 20 of the best images was a superhuman task in itself, so hop over to <a href="http://projectsecretidentity.org/">ProjectSecretIdentity.org</a> to see the full selection.</p>
<p></p><center><img src="/files/2014/09/02/gamora_0.jpg" alt="" height="975" width="650" /><p>Gamora from Guardians of the Galaxy</p>
<p><img src="/files/2014/09/02/black_panther_and_storm.jpg" alt="" height="433" width="650" /></p>
<p>Black Panther and Storm from the Marvel universe</p>
<p><img src="/files/2014/09/02/tank_girl_0.jpg" alt="" height="988" width="650" /></p>
<p>Tank Girl</p>
<p><img src="/files/2014/09/02/psylocke.jpg" alt="" height="650" width="650" /></p>
<p>Psylocke from the Marvel Universe</p>
<p><img src="/files/2014/09/02/clockworkjoker.jpg" alt="" height="964" width="650" /></p>
<p>A Clockwork Joker</p>
<p><img src="/files/2014/09/02/duck_dynasty.jpg" alt="" height="650" width="650" /></p>
<p>Jase Robertson from Duck Dynasty</p>
<p><img src="/files/2014/09/02/giant_jayne_hat_0.jpg" alt="" height="975" width="650" /></p>
<p>A Giant Jayne's Hat from Firefly</p>
<p><img src="/files/2014/09/02/starlord.jpg" alt="" height="923" width="650" /></p>
<p>Star-Lord from Guardians of the Galaxy</p>
<p><img src="/files/2014/09/02/pam.jpg" alt="" height="650" width="650" /></p>
<p>Pam from Archer</p>
<p><img src="/files/2014/09/02/obery_martell_elaria_sand.jpg" alt="" height="650" width="650" /></p>
<p>Oberyn Martell and Ellaria Sand from Game of Thrones</p>
<p><img src="/files/2014/09/02/lanterns.jpg" alt="" height="508" width="650" /></p>
<p>Red Lantern and Green Lantern from the DC universe</p>
<p><img src="/files/2014/09/02/jayne.jpg" alt="" height="976" width="650" /></p>
<p>Jayne from Firefly</p>
<p><img src="/files/2014/09/02/draconian.jpg" alt="" height="975" width="650" /></p>
<p>Draconian from Dragon Ball</p>
<p><img src="/files/2014/09/02/charles_brittania.jpg" alt="" height="975" width="650" /></p>
<p>Charles Zi Brittania from Code Geass</p>
<p><img src="/files/2014/09/02/splicer.jpg" alt="" height="1023" width="650" /></p>
<p>Splicer from Bio Shock</p>
<p><img src="/files/2014/09/02/raven_red_green.jpg" alt="" height="906" width="650" /></p>
<p>Red Green and Raven from the DC universe</p>
<p><img src="/files/2014/09/02/drakken.jpg" alt="" height="893" width="650" /></p>
<p>Professor Kai Drakken, Steampunk</p>
<p><img src="/files/2014/09/02/hunks.jpg" alt="" height="650" width="650" /></p>
<p>HUNK and Lady HUNK from Resident Evil</p>
<p><img src="/files/2014/09/02/draco.jpg" alt="" height="956" width="650" /></p>
<p>Draco Malfoy from Harry Potter</p>
<p><img src="/files/2014/09/02/rococo_punk_square.jpg" alt="" height="650" width="650" /></p>
<p>A Rococo Punk</p>
<p><img src="/files/2014/09/02/pikachu_2.jpg" alt="" height="650" width="650" /></p>
<p>Pikachu from Pokémon</p>
<p></p></center>
</div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Top%2020%20Cosplay%20Activists%20from%20Project%20Secret%20Identity%20at%20Dragon%20Con&amp;url=https%3A//www.eff.org/deeplinks/2014/09/top-20-project-secret-identity-cosplay-images-project-secret-identity&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Top%2020%20Cosplay%20Activists%20from%20Project%20Secret%20Identity%20at%20Dragon%20Con&amp;u=https%3A//www.eff.org/deeplinks/2014/09/top-20-project-secret-identity-cosplay-images-project-secret-identity" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2014/09/top-20-project-secret-identity-cosplay-images-project-secret-identity" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Top%2020%20Cosplay%20Activists%20from%20Project%20Secret%20Identity%20at%20Dragon%20Con&amp;url=https%3A//www.eff.org/deeplinks/2014/09/top-20-project-secret-identity-cosplay-images-project-secret-identity" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Tue, 02 Sep 2014 21:28:12 +0000Dave Maass82056 at https://www.eff.orgFree SpeechAnonymityWe're All In It Together: Cosplay With Us Over Labor Day Weekendhttps://www.eff.org/deeplinks/2014/08/were-all-it-together-cosplay-us-over-labor-day-weekend
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p></p><center><i><img src="/files/2014/08/28/tuttle_600px.jpg" alt="" height="429" width="596" /></i></center>
<p><i>Join the Electronic Frontier Foundation, <a href="http://io9.com/">io9</a>, and a coalition of fan groups over Labor Day weekend for Project Secret Identity, a cosplay photo campaign to raise awareness of how online anonymity and privacy are key to free expression. Visit <a href="https://projectsecretidentity.org/about.html">ProjectSecretIdentity.org</a> during Dragon Con (Aug. 29 – Sept. 1) to participate online or visit us on the second floor of the Hilton Atlanta or the Southeastern Browncoats booth, #1000 at AmericasMart. </i></p>
<p>For the first time in my life, I’m donning a costume at a convention.</p>
<p>At Dragon Con this weekend, I’ll put on a balaclava, a utility vest and a pair of flashlight glasses, shave my beard into a mustache, and draw a mole on my cheek. For a few days I’ll become Robert De Niro’s character, Archibald “Harry” Tuttle, in Terry Gilliam’s classic dystopian dark comedy, <i><a href="https://en.wikipedia.org/wiki/Brazil_%281985_film%29">Brazil</a>. </i> </p>
<p>There are three reasons for this.</p>
<p>First: <i>Brazil </i>has had a lasting impact on my life since I first saw it on VHS as a teenager. It put me on a track that has found me defending civil liberties at the Electronic Frontier Foundation.</p>
<p>The film is one of the early imaginings of a society where an authoritarian government uses big data to manage and control a population. The plot revolves around a simple clerical error, which results in government agents kidnapping, torturing, and eventually killing the wrong guy—Harry Buttle, who they’ve confused with Harry Tuttle. Now, Harry Tuttle is a renegade heating engineer who’s been branded a terrorist for making unauthorized repairs. He’s a handyman superhero who hates paperwork and throughout the film, he keeps dropping his catchphrase: “We’re all in it together.”</p>
<p>That brings me to reason #2. When it comes to mass surveillance, we are all indeed in it together, both as data points in the giant databases and as allies in the battle against them.</p>
<p>That’s why I’d like to invite you to participate in Project Secret Identity, a cosplay activism campaign by EFF, io9, and a cross-fandom coalition of wizards, space cowboys, and other creative organizations.</p>
<p>We’re asking you to put on your mask and pose for photo holding a sign that says “I Have a Right to a Secret Identity” or another fandom-specific message about the importance of Internet freedom.</p>
<p>As we explain at <a href="https://projectsecretidentity.org/about.html">ProjectSecretIdentity.org</a>:</p>
<blockquote><p>From George Orwell's Big Brother to J.K. Rowling's Ministry of Magic, science fiction, fantasy, and other genre fiction have long explored and criticized the intrusion of government on our private lives.</p>
<p>Today, many of those fictions have become reality, whether it's NSA mass surveillance, local police use of spy technology, or big data brokers scraping personal information from social media networks. Some governments are even trying to ban online anonymity.</p>
<p>Project Secret Identity underlines the belief that we must protect and advocate for ourselves in order to shape the future.</p></blockquote>
<p>In addition to EFF and io9, the campaign is supported by the <a href="http://thehpalliance.org/">Harry Potter Alliance</a>, <a href="http://www.southeasternbrowncoats.com/">Southeastern Browncoats</a> and the <a href="http://bakerstreetbabes.com/">Baker Street Babes</a>. Anonymity isn't just important for privacy; it’s deeply engrained in fan culture, which is why the coalition also includes <a href="https://www.wattpad.com/">Wattpad</a>, a community of 30 million readers and writers, and the <a href="http://transformativeworks.org/">Organization for Transformative Works</a>.</p>
<p>As OTW's Claudia Rebaza <a href="http://transformativeworks.org/news/otw-joins-project-secret-identity">writes</a>:</p>
<blockquote><p>Fan pseudonyms range from ordinary names to fanciful titles and are <a href="http://fanlore.org/wiki/Pseudonyms">a long standing practice</a>. There are many reasons why some fans might choose pseudonymity. Not only is it a standard identity and privacy-protection precaution, but it may follow fan practice within the spaces they're part of online and it may mirror the use of pseudonyms in publishing where different names are used when writing for different audiences.</p></blockquote>
<p>You don’t have to be at Dragon Con to participate: Just upload your image at <a href="https://projectsecretidentity.org/about">ProjectSecretIdentity.org</a> and share it online.</p>
<p>But if you are attending Dragon Con, you can get your photo taken at either our table (second floor in the Hilton Atlanta) or the Southeastern Browncoats’ booth (#1000 in AmericasMart).</p>
<p>Dragon Con is renowned not only for its cosplay, but for the intellectual curiosity of its attendees. They understand the possibilities of technology and also appreciate that writers, artists, and fans have been censored and oppressed for challenging governments on these issues.</p>
<p>Dragon Con hosts the Electronic Frontiers Forum, a panel track devoted to exploring the intersection of technology with civil liberties. EFF Deputy General Counsel Kurt Opsahl and I will be participating in a number of discussions on issues ranging from cell-phone searches to the Freedom of Information Act. Opsahl will also be presenting an updated version of his talk, “<a href="https://www.youtube.com/watch?v=BMwPe2KqYn4">Through a PRISM, Darkly: Everything We Know About NSA Spying,</a>” which went viral when it first debuted at the Chaos Communication Congress last winter. We will also help with screenings of the documentaries <a href="http://tacma.net/"><i>Terms and Conditions May Apply </i></a>and <i><a href="http://www.takepart.com/internets-own-boy">The Internet’s Own Boy</a>.</i></p>
<p>You can check out the forum schedule <a href="http://eff.dragoncon.org/">here</a>. </p>
<p>As for the third reason I’m cosplaying as Harry Tuttle: Terry Gilliam himself will be at Dragon Con. If we’re all in it together, surely that includes a selfie with me.</p>
</div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=We%27re%20All%20In%20It%20Together%3A%20Cosplay%20With%20Us%20Over%20Labor%20Day%20Weekend&amp;url=https%3A//www.eff.org/deeplinks/2014/08/were-all-it-together-cosplay-us-over-labor-day-weekend&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=We%27re%20All%20In%20It%20Together%3A%20Cosplay%20With%20Us%20Over%20Labor%20Day%20Weekend&amp;u=https%3A//www.eff.org/deeplinks/2014/08/were-all-it-together-cosplay-us-over-labor-day-weekend" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2014/08/were-all-it-together-cosplay-us-over-labor-day-weekend" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=We%27re%20All%20In%20It%20Together%3A%20Cosplay%20With%20Us%20Over%20Labor%20Day%20Weekend&amp;url=https%3A//www.eff.org/deeplinks/2014/08/were-all-it-together-cosplay-us-over-labor-day-weekend" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Fri, 29 Aug 2014 12:12:14 +0000Dave Maass82041 at https://www.eff.orgAnonymityPrivacyCosplayers Fight for Online Anonymity and Privacy During Dragon Con https://www.eff.org/press/releases/cosplayers-fight-online-anonymity-and-privacy-during-dragon-con
<div class="field field-name-field-pr-subhead field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Wizards, Browncoats, Sherlockians, and Other Creative Communities Join EFF in “Project Secret Identity” Photo Campaign</div></div></div><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p></p><center><a href="https://www.eff.org/files/2014/08/27/kiba_horizontal_-_psi.png"><img src="https://www.eff.org/files/2014/08/27/kiba_horizontal_small_-psi.png" height="317" width="465" /></a></center>
<p>Atlanta - The Electronic Frontier Foundation (EFF), sci-fi blog <a href="http://io9.com/">io9</a>, and a coalition of fan communities are launching "Project Secret Identity," a cosplay photo campaign to raise awareness of the importance of anonymity and privacy during the annual pop culture convention Dragon Con in Atlanta, Georgia, Aug. 29 - Sept. 1.</p>
<p>The campaign, online at <a href="https://projectsecretidentity.org/">ProjectSecretIdentity.org</a>, is supported by a cross-fandom coalition of organizations, including: <a href="http://www.southeasternbrowncoats.com">Southeastern Browncoats</a>, a <em>Firefly</em>-inspired non-profit; the <a href="http://thehpalliance.org/">Harry Potter Alliance</a>, an activism organization; the <a href="http://bakerstreetbabes.com/">Baker Street Babes</a>, a <em>Sherlock Holmes</em> fan group and podcast; <a href="https://www.wattpad.com/">Wattpad, </a>a community of readers and writers; and the <a href="http://transformativeworks.org/">Organization for Transformative Works</a>, a fan-culture advocacy organization.</p>
<p>"Whether it's the 'Eye of Sauron' in <em>The Lord of the Rings</em> or 'The Machine' in <em>Person of Interest</em>, genre culture has long explored and criticized mass surveillance," said EFF Investigative Researcher Dave Maass. "The last year's worth of stories about the NSA have read too much like dystopian fiction. In response, we need to focus the imaginations of fans to advocate for a future where free expression is protected through privacy and anonymity. "</p>
<p>During the campaign, cosplayers around the world can use <a href="https://projectsecretidentity.org/">ProjectSecretIdentity.org</a> to post photos of themselves in costume bearing pro-anonymity slogans, such as "I Have the Right to a Secret Identity" and "Privacy is Not a Fantasy." Dragon Con attendees can also stop by the Project Secret Identity photo stations at EFF's table (second floor at the Hilton Atlanta) and the Southeastern Browncoats' booth (#1000 at AmericasMart).</p>
<p>"In J.K. Rowling's novels, Voldemort came to power not only through coercion, but by monitoring, controlling, and censoring the Wizarding World's lines of communication," Harry Potter Alliance Executive Director Paul DeGeorge said. "In the real world, there is no charm-protected room where we can meet and organize in secret. What we have is the Internet and we need to fight to keep it free and secure."</p>
<p>"Freedom from oppressive governments is central to the ethos of the <em>Firefly</em> fandom," said Serenity Richards, captain of the Southeastern Browncoats. "By standing up for anonymity today, we can prevent 'The Alliance' from becoming a reality in the future."</p>
<p>The activism campaign coincides with Dragon Con's <a href="http://eff.dragoncon.org/">Electronic Frontiers Forum</a>, a track of panels on the intersection of technology with free speech and privacy. EFF Deputy General Counsel Kurt Opsahl will present an update to his acclaimed presentation, "<a href="https://www.youtube.com/watch?v=BMwPe2KqYn4">Through a PRISM, Darkly: Everything we know about NSA spying</a>," which debuted at the Chaos Communication Congress in Hamburg, Germany in December 2013. Opsahl and Maass will also speak on a number of discussion panels, covering issues ranging from police searches of cell phones to the Freedom of Information Act.</p>
<p>EFF will also support screenings of <em><a href="http://tacma.net/">Terms and Conditions May Apply</a></em>, a 2013 documentary about Web site terms of service, and <em><a href="http://www.takepart.com/internets-own-boy">The Internet's Own Boy</a></em>, Brian Knappenberger's 2014 documentary about the late Internet activist Aaron Swartz.</p>
<p>Founded in 1987, Dragon Con is expected to draw more than 62,000 attendees this year.</p>
<p>For EFF's schedule at Dragon Con:<br /><a href="//www.eff.org/event/eff-goes-dragon-con"> https://www.eff.org/event/eff-goes-dragon-con</a><strong></strong></p>
<h3>Contact:</h3>
<p>Dave Maass<br />
Media Relations Coordinator and Investigative Researcher<br />
Electronic Frontier Foundation<br /><a href="mailto:press@eff.org">press@eff.org</a></p>
<h3>Cosplay photos:</h3>
<p>Top: <a href="http://kiba-shiruba.deviantart.com/">Kiba Shiruba</a> as "Cyber" Frey from <em><a href="http://tapastic.com/episode/2139">Fisheye Placebo</a></em>. (<a href="https://www.eff.org/files/2014/08/27/kiba_horizontal_-_psi.png">High resolution</a>)</p>
<p><a href="https://www.eff.org/files/2014/08/27/tuttle_high_rez.png"><img src="https://www.eff.org/files/2014/08/27/tuttle_300px.png" /></a></p>
<p>EFF Investigative Researcher Dave Maass as Harry Tuttle from <em>Brazil</em>. (<a href="https://www.eff.org/files/2014/08/27/tuttle_high_rez.png">High resolution</a>)</p>
<p><a href="https://www.eff.org/files/2014/08/27/chell_for_web.jpg"><img src="https://www.eff.org/files/2014/08/27/chell_300px.jpg" /></a></p>
<p><a href="https://twitter.com/dharlette">Hannah Grimm</a> as Chell from <em>Portal</em>. (<a href="https://www.eff.org/files/2014/08/27/chell_for_web.jpg">High resolution</a>)</p>
</div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Cosplayers%20Fight%20for%20Online%20Anonymity%20and%20Privacy%20During%20Dragon%20Con%20&amp;url=https%3A//www.eff.org/press/releases/cosplayers-fight-online-anonymity-and-privacy-during-dragon-con&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Cosplayers%20Fight%20for%20Online%20Anonymity%20and%20Privacy%20During%20Dragon%20Con%20&amp;u=https%3A//www.eff.org/press/releases/cosplayers-fight-online-anonymity-and-privacy-during-dragon-con" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/press/releases/cosplayers-fight-online-anonymity-and-privacy-during-dragon-con" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Cosplayers%20Fight%20for%20Online%20Anonymity%20and%20Privacy%20During%20Dragon%20Con%20&amp;url=https%3A//www.eff.org/press/releases/cosplayers-fight-online-anonymity-and-privacy-during-dragon-con" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Wed, 27 Aug 2014 16:05:32 +0000Dave Maass82005 at https://www.eff.orgEFF to Ethiopia: Illegal Wiretapping Is Illegal, Even for Governmentshttps://www.eff.org/deeplinks/2014/08/eff-ethiopia-illegal-wiretapping-illegal-even-governments
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>Earlier this week, EFF told the U.S. District Court for the District of Columbia that <a href="https://www.eff.org/files/2014/08/19/kidaneopposition.pdf">Ethiopia must be held accountable</a> for its illegal wiretapping of an American citizen. Foreign governments simply do not have a get-out-of-court-free card when they commit serious felonies in America against Americans. This case is the centerpiece of our U.S. legal efforts to combat <a href="https://www.eff.org/issues/state-sponsored-malware">state sponsored malware</a>.</p>
<p>In February 2014, <a href="https://www.eff.org/press/releases/american-sues-ethiopian-government-spyware-infection">EFF filed suit</a> against the Federal Democratic Republic of Ethiopia on behalf of our client, Mr. Kidane, an Ethiopian by birth who has been a U.S. citizen over a decade. Mr. Kidane discovered traces of Gamma International's FinSpy, a sophisticated spyware product which its maker claims is sold exclusively to governments and law enforcement, on his laptop at his home in suburban Maryland. A forensic examination of his computer showed that the Ethiopian government had been recording Mr. Kidane’s Skype calls, as well as monitoring his web and email usage. The monitoring, which violates both the federal Wiretap Act and Maryland state law, was accomplished using spyware that captured his activities and then reported them back to a command and control server in Ethiopia controlled by the government. The infection was active from October 2012, through March 2013, and was stopped just days after researchers at the <a href="https://citizenlab.org/2013/03/you-only-click-twice-finfishers-global-proliferation-2/">University of Toronto’s Citizen Lab released a report</a> exposing Ethiopia's use of use of FinSpy. The report specifically referenced the very IP address of the Ethiopian government server responsible for the command and control of the spyware on Mr. Kidane’s laptop.</p>
<p>The Ethiopian government <a href="https://www.eff.org/files/2014/08/04/ethiopias_mtd.pdf">responded to the suit</a> with the troubling claim that it—and every other foreign government—should be completely immune from suit for wiretapping American citizens on American soil. Ethiopia’s filing rests on several logic-challenged premises. Ethiopia claims that the recording of Mr. Kidane’s Skype calls and Internet activity at his home in Maryland actually took place in Ethiopia, and is therefore beyond the reach of any U.S. court. Worse still, Ethiopia claims that it had the "discretion" to violate U.S. law, reducing the Wiretap Act to something more like a traffic violation than a serious felony. Interestingly, Ethiopia does not actually deny that it wiretapped Mr. Kidane.</p>
<p>Yesterday, EFF and its co-counsel at <a href="http://www.rkmc.com/">Robins, Kaplan, Miller &amp; Ciresi</a>, <a href="https://www.eff.org/files/2014/08/19/kidaneopposition.pdf">filed a response</a> knocking down each of Ethiopia’s arguments, noting that not even the U.S. government is allowed to do what Ethiopia claims it had the right to do here: wiretap Americans in America with no legal process whatsoever. We argue that Ethiopia must be held accountable for wiretapping Mr. Kidane, just as any other actor would be. Neither its status as a government nor the fact that it launched its attack on Mr. Kidane from Ethiopia gives it <i>carte blanche </i>to ignore the law. If Ethiopia legitimately needed to collect information about Americans for an investigation, it could negotiate a deal with the U.S., called a Mutual Legal Assistance Treaty, which would allow it to seek U.S. assistance for something like a wiretap. Otherwise, there simply is no “international spying” exception to the law for foreign governments, nor should there be. When sovereign governments act, especially when they invade the privacy of ordinary people, they must do so within the bounds of the law. And when foreign governments break U.S. law, U.S. courts have the power to hold them accountable.</p>
<p>This is the next step in what we hope will set an important precedent in the U.S., fighting back against the growing problem of <a href="https://www.eff.org/issues/state-sponsored-malware">state-sponsored malware</a>. No matter what one thinks about the NSA spying on Americans inside the U.S. (of course EFF believes that this has gone way far too), it should be easy to see that foreign governments—be they Ethiopia, China, or as EFF itself experienced <a href="https://www.eff.org/deeplinks/2014/01/vietnamese-malware-gets-personal">Vietnam</a>—do not and should not have that right. </p>
</div></div></div><div class="field field-name-field-related-cases field-type-node-reference field-label-above"><div class="field-label">Related Cases:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/cases/kidane-v-ethiopia">Kidane v. Ethiopia</a></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=EFF%20to%20Ethiopia%3A%20Illegal%20Wiretapping%20Is%20Illegal%2C%20Even%20for%20Governments&amp;url=https%3A//www.eff.org/deeplinks/2014/08/eff-ethiopia-illegal-wiretapping-illegal-even-governments&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=EFF%20to%20Ethiopia%3A%20Illegal%20Wiretapping%20Is%20Illegal%2C%20Even%20for%20Governments&amp;u=https%3A//www.eff.org/deeplinks/2014/08/eff-ethiopia-illegal-wiretapping-illegal-even-governments" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2014/08/eff-ethiopia-illegal-wiretapping-illegal-even-governments" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=EFF%20to%20Ethiopia%3A%20Illegal%20Wiretapping%20Is%20Illegal%2C%20Even%20for%20Governments&amp;url=https%3A//www.eff.org/deeplinks/2014/08/eff-ethiopia-illegal-wiretapping-illegal-even-governments" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Tue, 19 Aug 2014 19:57:09 +0000Nate Cardozo81872 at https://www.eff.orgLegal AnalysisAnonymityInternationalPrivacyTor on Campus, Part I: It’s Been Done Before and Should Happen Againhttps://www.eff.org/deeplinks/2014/08/tor-campus-part-i-its-been-done-and-should-happen-again
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p><img src="/files/2014/08/04/tor.png" alt="" class="image-right" height="192" width="177" />German newspapers recently <a href="https://www.eff.org/deeplinks/2014/07/dear-nsa-privacy-fundamental-right-not-reasonable-suspicion">reported</a> that the NSA targets people who research privacy and anonymity tools online—for instance by searching for information about <a href="https://www.torproject.org/">Tor</a> and <a href="https://tails.boum.org/">Tails</a>—for deeper surveillance. But today, researching something online is the near equivalent to thinking out loud. By ramping up surveillance on people simply for reading about security, freedom of expression easily collapses into self-censorship; speech is chilled; people may become afraid to research and learn.</p>
<p>What effect does this threat to research have on university life? Just this summer <a href="https://www.eff.org/deeplinks/2014/06/students-against-surveillance-17-university-groups-pen-open-letters-toxicity-mass">student groups at seventeen universities</a> across the country penned open letters in protest of NSA surveillance, calling attention to the pernicious effects of the surveillance state on academic freedom. And despite the fact that the very act of learning about basic online privacy tools subjects one to increased government scrutiny, we sincerely hope this student activism continues.</p>
<p>EFF has long <a href="https://www.eff.org/torchallenge/tor-on-campus.html">encouraged</a> students and professors to support the Tor project by running a relay on campus. Universities are supposed to be places where exploration and research of new and controversial topics should be encouraged, where freedom of speech and thought should flourish. Although it saddens us that research of any topic in and of itself has become a suspicious activity, it would be tragic if students stopped exercising their First Amendment rights and stopped exploring freedom-enhancing software tools. Anonymity is one way to more freely explore information online.</p>
<p>In fact, the more people use Tor, <a href="https://www.eff.org/deeplinks/2014/06/why-you-should-use-tor">the safer it is</a> for those who use it. When a university runs a Tor node, the students and professors who back it are contributing to the strengthening of a human rights project that enables a safe, free, and globally connected Internet.</p>
<p>Many are bound to question whether those who seek privacy and anonymity should continue to use Tor knowing that it could subject one to greater NSA scrutiny. After careful consideration, we feel the benefits strongly outweigh the burdens. That’s why we’re continuing the <a href="https://eff.org/torchallenge">Tor Challenge</a>.</p>
<p><i>There are plenty of reasons why a university may have reservations about running a Tor relay or exit node on campus. We discuss those concerns as well as ways to address potential risk in <a href="https://eff.org/deeplinks/2014/08/tor-campus-part-ii-icebreakers-and-risk-mitigation-strategies">part two</a> of this post.</i></p>
<h3>Tor is already on campuses</h3>
<p>For years, students and professors have been running Tor exit and relay nodes on college campuses. Whether part of a research project or as an independent, activist-minded contribution to the Tor project, these instances of Tor have helped to make the network more robust and diverse.</p>
<p>Take the nodes set up at University of Pennsylvania, for example, where students maintain multiple Tor relays. Or consider the Tor exit node <a href="https://lists.torproject.org/pipermail/tor-talk/2011-January/008663.html">a student</a> was running a few years ago under his desk in a dorm room at Princeton.</p>
<p>"I gradually made my way through different administrative procedures, talking with several administrators and committees, and finally Princeton's general counsel,” recounted the Princeton alum <a href="http://tomlowenthal.com">Tom Lowenthal </a>(now a <a href="http://cpj.org/blog/2014/05/tom-lowenthal-joins-cpj-as-first-staff-technologis.php">staff technologist</a> at the Committee to Protect Journalists) about his struggle to demystify the Tor project to the campus administration. “It took a while and numerous meetings but I eventually persuaded them that running a Tor exit node is neither illegal nor unethical, but actively altruistic.”</p>
<p>And in Sweden at Karlstad University, <a href="http://www.cs.kau.se/philwint/">student researchers</a> have installed two middle relays and are currently in the midst of setting up an exit node as well. We wish them the best, as it would be a significant contribution to helping make the Internet safer for activists and journalists who rely on online anonymity tools such as Tor.</p>
<p>In Utah, <a href="https://www.jessevictors.com.">Jesse Victors</a>, a computer science graduate student at Utah State University is running <a href="//globe.torproject.org/#/search/query=utah">four relays and two exit nodes</a> at the university as part of his ongoing graduate research into online anonymity tools. He also assists new Tor users in discussion forums and even hosted a <a href="http://www.reddit.com/r/IAmA/comments/20243q/iaman_operator_of_eight_tor_relays_including_two/">Reddit AMA </a>to share his experiences earlier this year.</p>
<p>In Southern California, Alex Ryan, a rising sophomore at Caltech is running a relay too. “I had access to some really amazing resources, and I want to do my part to give back,” Ryan reported. “I think it's a really important tool in this day and age, and Tor is a way for people to avoid undue surveillance.”</p>
<p>As the preceding anecdotes illustrate, while some universities may initially object to running a Tor node on campus, it is possible.</p>
<h3>It makes sense to run a Tor node on university and college campuses</h3>
<p>University and college campuses function like Internet service providers unto themselves, delivering and uploading content for tens of thousands of users, hosting hundreds of sites, and maintaining email and other communications platforms for tens and even hundreds of thousands of students, faculty, staff, and alumni. University networks are often also very fast and have a vast IP address space. Tor benefits from a diversity of connections, and university networks are often a wonderful and reliable addition to the set of networks that host Tor nodes. Exit nodes can be configured so as not to be a strain on university.</p>
<p>What’s more, configuring and running a Tor node is a learning experience. All too often, <a href="https://www.eff.org/deeplinks/2013/10/silk-road-case-dont-blame-technology">Tor is maligned</a> through associations with illegal or criminal activity. But we know that this is a shallow and incomplete understanding of the uses and purposes of anonymous Internet usage. In fact, Tor was initially developed as a U.S. government project in association with the U.S. Naval Research Laboratory.</p>
<h3>Fostering safety and human rights online</h3>
<p>The truth is that anonymous browsing is essential for the exercise of the basic human right to free expression in countries where the Internet is filtered or blocked by oppressive regimes. Victims of domestic abuse or medical patients often need to explore the Internet and communicate without fear that their identity will be tied to their activity online, and all kinds of professionals, from inventors with trade secrets to lawyers that need to secure the confidentiality of their clients, use Tor to accomplish their work.</p>
<p>Setting up a Tor node on campus can be a vital and exciting learning opportunity. It helps those who are new to Tor shift away from the demonization of a freedom-enhancing technology, and move towards an understanding rooted in reality.</p>
<p>Professors and students who care about human rights and free speech have the opportunity to participate in strengthening a project of human rights technology. The larger and more diverse and dense the network of Tor nodes is, the better the project works. That means that anonymized Internet connections travel faster and people can use the Internet safely and more efficiently.</p>
<p>The ubiquitous use of privacy and security tools is the Internet’s best hope for protecting the people who really need those tools—people for whom the consequences of being caught speaking out against their government can be imprisonment or death. And the greater the number of ordinary people using Tor and Tails, the harder it is for the NSA to make the case that reading about or using these tools is <i>de facto</i> suspicious.</p>
<p>“Tor is also one of the strongest tools to fight against censorship and information control. I am just one person, and I feel very small when faced with these problems,” reported the student at Utah State University who runs six nodes. “I'm proud to help thousands of others preserve their freedoms. 2.4 million used Tor yesterday, and this number will no doubt continue to rise.”</p>
<p><i>There are a lot of reasons why a university might be concerned about having Tor traffic exit from their network. In a following post, we offer tips on how to get the conversation started on campus and things to think about when running Tor. It is very important to understand the risks as well as ways to lessen those risks; all of this is discussed in </i><i><i><a href="https://eff.org/deeplinks/2014/08/tor-campus-part-ii-icebreakers-and-risk-mitigation-strategies">part two</a></i> of this Deeplink.</i></p>
</div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Tor%20on%20Campus%2C%20Part%20I%3A%20It%E2%80%99s%20Been%20Done%20Before%20and%20Should%20Happen%20Again&amp;url=https%3A//www.eff.org/deeplinks/2014/08/tor-campus-part-i-its-been-done-and-should-happen-again&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Tor%20on%20Campus%2C%20Part%20I%3A%20It%E2%80%99s%20Been%20Done%20Before%20and%20Should%20Happen%20Again&amp;u=https%3A//www.eff.org/deeplinks/2014/08/tor-campus-part-i-its-been-done-and-should-happen-again" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2014/08/tor-campus-part-i-its-been-done-and-should-happen-again" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Tor%20on%20Campus%2C%20Part%20I%3A%20It%E2%80%99s%20Been%20Done%20Before%20and%20Should%20Happen%20Again&amp;url=https%3A//www.eff.org/deeplinks/2014/08/tor-campus-part-i-its-been-done-and-should-happen-again" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Mon, 04 Aug 2014 15:18:07 +0000April Glaser81647 at https://www.eff.orgAnonymityElectronic Frontier AllianceProtecting Your Anonymity and Privacy: A How-to for Sex Workers https://www.eff.org/deeplinks/2014/07/protecting-your-anonymity-how-sex-workers
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>Just as you take steps to protect your personal safety and health while engaging in real-life encounters, a sex worker should also be mindful of the dangers of the online world.</p>
<p>As we wrote in a separate <a href="https://www.eff.org/deeplinks/2014/07/whose-redbook-why-everyone-should-be-concerned-seizure-myredbookcom">blog post</a> today, the sex worker forum MyRedBook, along with its companion sites, have been seized by the FBI in connection with a criminal indictment. This could potentially mean that sensitive user data is in the hands of law enforcement.</p>
<p>We will be watching the situation closely to see how it develops. In the meantime, we hope that sex workers take advantage of some of the tools other vulnerable communities have used to keep themselves safer from government oppression.</p>
<p>No tool is foolproof, but we believe the following may be helpful:</p>
<p><strong><em>Use Tor</em></strong></p>
<p>One of the major concerns with the seizure of MyRedBook is that, regardless of what names or email addresses site visitors used, they could potentially still be tracked via IP addresses.</p>
<p>There is a way to avoid this, one that has been used by individuals in oppressive regimes across the world. As EFF technologist Cooper Quintin <a href="https://www.eff.org/deeplinks/2014/06/why-you-should-use-tor">explained</a> in a recent blog post, <a href="https://torproject.org/">Tor</a> is a network and a software package that helps anonymize Internet usage. Tor hides the source and destination of Internet traffic by routing it through various relays across the Internet.</p>
<p>There are many options when it comes to Tor, but the easiest way to use it is to download and use the <a href="https://www.torproject.org/download/download-easy.html.en">Tor Browser Bundle</a>, a version of Firefox that comes preconfigured to use Tor. If you were technologically savvy enough to use MyRedBook, then you have the skills to install this piece of software.</p>
<p><em><strong>Use TextSecure</strong></em></p>
<p>Phone numbers associated with individuals who used MyRedBook may have been seized. Records of text messages are particularly vulnerable to surveillance and seizure by law enforcement.</p>
<p>For Android users, <a href="https://whispersystems.org/">TextSecure</a> is one way to lessen this risk.</p>
<p>TextSecure is a free, open source app that encrypts all text messages stored on your phone. When it is used with other TextSecure users, it also encrypts your text messages over the air. It can replace the ordinary messaging system on any Android phone. While it is most secure when other users also have TextSecure, the encryption of messages on your phone is helpful regardless.</p>
<p>Unfortunately, TextSecure is not available for the iPhone OS at this time, although it is in development.</p>
<p><em><strong>Use good password security</strong></em></p>
<p>Another concern around the MyRedBook seizure is that passwords may have been seized. Password security is one of the easiest and most overlooked ways that anyone can make surveillance and targeting more difficult.</p>
<p>Many people re-use passwords for various accounts, or use short, simple passwords. Instead, you should use complex, unique passwords. Pick something that you haven’t used anywhere, and change it regularly. One way to make this easier is to use a password manager to store long, difficult passwords, or even generate passwords for you. </p>
<p> <a href="https://www.keepassx.org/">KeePassX</a> is an open-source program you can <a href="https://www.keepassx.org/downloads/">download</a> for free. Once you’ve downloaded it, you can create a database to store your passwords. The database is secured by a master password. You should ensure that this password is very secure, and easy to remember.</p>
<p><em><strong>Use disk encryption for your computer and mobile device</strong></em></p>
<p>Full disk encryption is one of the best ways you can ensure all the private information on your laptop, phone or tablet stays private if it's lost, seized, stolen, or if you choose to sell or give away your device in the future. Without it, anyone with a few minutes of physical access to your device can copy its contents, such as e-mail, contacts, web browsing history, etc., even if they don't have your password.</p>
<p>The latest version of Windows, Mac, iOS and Android all have ways to encrypt your local storage. You just need to turn it on. On Android devices, disk encryption can be enabled under security settings. Enable BitLocker on your Windows computer, and on Mac devices enable FileVault. Linux distributions provide a disk encryption checkbox you can check during installation.</p>
<p>Encryption requires a strong password to keep your data safe. On mobile devices, the disk encryption password is usually the same as your screen lock password, so make sure you use a strong, hard-to-guess screen lock password.</p>
<p><em><strong>Remember, none of these tools can completely anonymize you—but they can help anyone who wants to engage in free speech without government detection.</strong></em></p>
<p> </p>
</div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Protecting%20Your%20Anonymity%20and%20Privacy%3A%20A%20How-to%20for%20Sex%20Workers%20&amp;url=https%3A//www.eff.org/deeplinks/2014/07/protecting-your-anonymity-how-sex-workers&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Protecting%20Your%20Anonymity%20and%20Privacy%3A%20A%20How-to%20for%20Sex%20Workers%20&amp;u=https%3A//www.eff.org/deeplinks/2014/07/protecting-your-anonymity-how-sex-workers" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2014/07/protecting-your-anonymity-how-sex-workers" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Protecting%20Your%20Anonymity%20and%20Privacy%3A%20A%20How-to%20for%20Sex%20Workers%20&amp;url=https%3A//www.eff.org/deeplinks/2014/07/protecting-your-anonymity-how-sex-workers" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Tue, 01 Jul 2014 22:52:31 +0000Dia Kayyali81181 at https://www.eff.orgFree SpeechAnonymityWhose RedBook? Why Everyone Should be Concerned By the Seizure of MyRedBook.Comhttps://www.eff.org/deeplinks/2014/07/whose-redbook-why-everyone-should-be-concerned-seizure-myredbookcom
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>Last week, an online community for sex workers disappeared from the Internet. Visit SFRedbook.com, MyPinkBook.com, or MyRedBook.com right now, and you’ll only find the seals of the law enforcement agencies—the FBI, the DOJ, and the IRS—that <a href="http://www.fbi.gov/news/news_blog/operators-of-myredbook.com-website-arrested-on-prostitution-and-money-laundering-charges">seized the sites</a> as part of a prostitution and money laundering investigation.</p>
<p>The seizure is part of a disturbing trend of targeting sex workers, but more than that, it is an attack on the rights to free speech and free association exercised by a diverse group of people, many of whom have nothing to do with the alleged crimes.</p>
<p>MyRedBook and its companion sites served a large and diverse community of sex workers. The sites functioned as social media platforms, with discussion boards for users in topics from politics to financial tips. It also served as a resource guide with information ranging from <a href="https://web.archive.org/web/20130522010733/http://forum.myredbook.com/dcforum2/DCForumID15/1022.html">explanations of the law</a> as it pertains to sex work to health information. For archived versions of the forums sex workers no longer have access to, <a href="https://web.archive.org/web/20140402112352/http://forum.myredbook.com/forum/health">click here</a>.</p>
<p>These sites were essential tools for First Amendment protected speech and association—especially important for a community that values its privacy for a variety of legitimate reasons. This platform has been pulled out from under the feet of this community. As the <a href="http://swopbay.org/">Bay Area Sex Worker Outreach Project</a> (SWOP) said in a <a href="http://swopbay.org/2014/06/25/statement-on-myredbook-seizure/">statement</a>:</p>
<blockquote><p>Today we also lost extensive online forums for a community of sex workers to keep each other safe, screen clients, and blacklist predators. Myredbook also hosted resource guides for sex workers who were struggling and created a venue for community counseling for those in need. Many local outreach organizations used this forum to connect with vulnerable sex workers.</p></blockquote>
<p>To compound the destruction of this indispensible forum, the users of these sites now have cause to worry that their private information, such as IP addresses, phone numbers, and email addresses, may be in the hands of the FBI. In fact, news reports <a href="http://sanfrancisco.cbslocal.com/2014/06/25/eric-omuro-silicon-valley-entrepreneur-arrested-as-fbi-takes-down-san-francisco-sex-encounter-website-myredbook-com-redbook-prostitution/">specifically note</a>: “[FBI]Agents seized several boxes of evidence … including business documents and computer hardware.”</p>
<p>SWOP spokesperson Kristina Dolgin put it mildly when she <a href="http://sanfrancisco.cbslocal.com/2014/06/25/eric-omuro-silicon-valley-entrepreneur-arrested-as-fbi-takes-down-san-francisco-sex-encounter-website-myredbook-com-redbook-prostitution/">said</a>, “It’s a very scary thing.”</p>
<p>EFF has always supported freedom of association and free speech, no matter who is doing the talking. In fact, these rights are especially important for controversial groups. That’s why we are so concerned to see these sites shut down—especially on the heels of the <a href="https://www.eff.org/deeplinks/2014/04/moral-police-your-checking-account-chase-bank-shuts-down-accounts-adult">bank account closures</a> of sex workers nationwide.</p>
<p>It’s true that in many states, some forms of sex work are illegal. But sex workers have First Amendment rights to speak out about the issues that concern them, to advocate for changes in the law, to counsel each other, to discuss the issues that are important to them, and to advertise legally permissible services. And sex workers have First Amendment rights to associate with each other on Internet forums and elsewhere.</p>
<p>As society changes, its values and laws change as well. But the oppression of disfavored groups uses the same tactics. Today, sex workers are being oppressed, but it will be a different group tomorrow. When we allow any group to be silenced and targeted, we are paving the way for it to happen again. </p>
<p>EFF is keeping an eye on what happens in the case, and the ripple effect in the sex worker community as the criminal charges associated with this seizure move forward. In the meantime, we’ve compiled a list of <a href="https://www.eff.org/deeplinks/2014/07/protecting-your-anonymity-how-sex-workers">resources and strategies</a> sex workers can use to protect their anonymity.</p>
</div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Whose%20RedBook%3F%20Why%20Everyone%20Should%20be%20Concerned%20By%20the%20Seizure%20of%20MyRedBook.Com&amp;url=https%3A//www.eff.org/deeplinks/2014/07/whose-redbook-why-everyone-should-be-concerned-seizure-myredbookcom&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Whose%20RedBook%3F%20Why%20Everyone%20Should%20be%20Concerned%20By%20the%20Seizure%20of%20MyRedBook.Com&amp;u=https%3A//www.eff.org/deeplinks/2014/07/whose-redbook-why-everyone-should-be-concerned-seizure-myredbookcom" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2014/07/whose-redbook-why-everyone-should-be-concerned-seizure-myredbookcom" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Whose%20RedBook%3F%20Why%20Everyone%20Should%20be%20Concerned%20By%20the%20Seizure%20of%20MyRedBook.Com&amp;url=https%3A//www.eff.org/deeplinks/2014/07/whose-redbook-why-everyone-should-be-concerned-seizure-myredbookcom" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Tue, 01 Jul 2014 22:42:37 +0000Dia Kayyali81183 at https://www.eff.orgFree SpeechAnonymity7 Things You Should Know About Torhttps://www.eff.org/deeplinks/2014/07/7-things-you-should-know-about-tor
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p><b>Updated: July 1st at 6:30PM to add information about traffic correlation attacks.</b></p>
<p>We posted last week about the <a href="https://eff.org/torchallenge">Tor Challenge</a> and why <a href="https://www.eff.org/deeplinks/2014/06/why-you-should-use-tor">everyone should use Tor</a>. Since we started our Tor Challenge two weeks ago we have signed up over 1000 new Tor relays. But it appears that there are still some popular misconceptions about Tor. We would like to take this opportunity to dispel some of these common myths and misconceptions.</p>
<h2 class="western">1. Tor Still Works</h2>
<p>One of the many things that we learned from the NSA leaks is that Tor still works. According to the NSA <a href="http://www.theguardian.com/world/interactive/2013/oct/04/tor-stinks-nsa-presentation-document">"Tor Stinks"</a> slides revealed by the Guardian last year, the NSA is still not able to completely circumvent the anonymity provided by Tor. They have been able to compromise certain Tor users in specific situations. Historically this has been done by finding an exploit for the Tor Browser Bundle or by exploiting a user that has misconfigured Tor. The FBI—possibly in conjunction with the NSA—was able to find one serious exploit for Firefox that lead to the <a href="http://www.wired.com/2013/09/freedom-hosting-fbi/">takedown of Freedom Hosting</a> and exploit of its users. Firefox was patched quickly, and no major exploits for Firefox affecting Tor users appear to have been found since.<br />
As the Tor developers <a href="http://freehaven.net/anonbib/cache/draft-tor-design-2004.pdf">noted in 2004</a>, if someone is actively monitoring both your network traffic and the network traffic of the Internet service you're communicating with, Tor can't prevent them from deducing that you're talking to that service. Its design does assume that at least one side of the connection isn't being monitored by whomever you're trying to stay private from.</p>
<p>We can conclude from this that Tor has probably not been broken at a cryptographic level. The best attacks on Tor are side-channel attacks on browser bugs or user misconfiguration and traffic correlation attacks.</p>
<h2 class="western">2. Tor is Not Only Used by Criminals</h2>
<p>One of the most common misconceptions we hear is that Tor is only used by criminals and pedophiles. This is simply not true! There are many types of people that use Tor. Activists use it to circumvent censorship and provide anonymity. The military uses it for secure communications and planning. Families use Tor to protect their children and preserve their privacy. Journalists use it to do research on stories and communicate securely with sources. The Tor Project website has an excellent explanation of why Tor doesn't help criminals very much. To paraphrase: Criminals can already do bad things since they will break laws they have much better tools at their disposal than what Tor offers, such as botnets made with malware, stolen devices, identity theft, etc. In fact using Tor may help you protect yourself against some of these tactics that criminals use such as identity theft or online stalking.</p>
<p>You are not helping criminals by using Tor any more than you are helping criminals by using the Internet.</p>
<h2 class="western">3. Tor Does Not Have a Military Backdoor</h2>
<p>Another common opinion that we hear is that Tor was created by the military and so it must have a military backdoor. There is no backdoor in the Tor software. It is true that initial development of Tor was funded by the US Navy. However, it has been audited by several very smart cryptographers and security professionals who have confirmed that there is no backdoor. Tor is open source, so any programmer can take a look at the code and verify that there is nothing fishy going on. It is worked on by a team of activists who are extremely dedicated to privacy and anonymity.</p>
<h2 class="western">4. No One in the US Has Been Prosecuted For Running a Tor Relay</h2>
<p>As far as EFF is aware, no one in the US has been sued or prosecuted for running a Tor relay. Furthermore we do not believe that running a Tor relay is illegal under US law. This is, of course, no guarantee that you won't be contacted by law enforcement, especially if you are running an exit relay. However EFF believes this fact so strongly that we are running our own Tor relay. You can find out more about the legalities of running a Tor relay at the <a href="https://www.eff.org/torchallenge/faq.html">Tor Challenge Legal FAQ</a>. However, if you are going to use Tor for criminal activity (which the Tor project asks that you not do) you can create more problems for yourself if you get prosecuted. Criminal activity also brings more scrutiny on to Tor making it worse for the public as a whole.</p>
<h2 class="western">5. Tor is Easy to Use</h2>
<p>You might think that because it is privacy software Tor must be hard to use. This is simply not true. The easiest way to get started with Tor is to download the <a href="https://www.torproject.org/projects/torbrowser.html.en">Tor Browser Bundle</a>. This is a browser that comes pre-configured to use Tor in a secure manner. It is easy to use and is all you need to start browsing with Tor. Another easy way to use Tor is with <a href="https://tails.boum.org/">Tails</a>. Tails is a live operating system that runs on a DVD or thumb drive. Tails routes your entire Internet connection through Tor. And when you shut it down, Tails “forgets” everything that was done while it was running.</p>
<h2 class="western">6. Tor is Not as Slow as You Think</h2>
<p>It is true that Tor is slower than a regular Internet connection. However, the Tor developers have been doing a lot of hard work to make the Tor network faster. And it is faster today than ever before. One of the best things that can be done to speed up the Tor network is to create more relays. If you would like to contribute to making the Tor network faster, you can check out our <a href="https://eff.org/torchallenge">Tor Challenge</a></p>
<h2 class="western">7. Tor is Not Foolproof</h2>
<p>Tor is not perfect; you can destroy your own anonymity with Tor if you use it incorrectly. That's why it is important to always use Tor Browser Bundle or Tails and make sure that you keep your software up to date. It is also important to remember that if you log into services like Google and Facebook over Tor, those services will still be able to see your communications within their systems. Additionally Tor users should be mindful of the fact that an adversary who can see both sides of their connection may be able to perform a statistical analysis to confirm that the traffic belongs to you.</p>
<p>Tor is some of the strongest anonymity software that exists. We think that it is important to dispel misconceptions about it so that the public can be more informed and confident in its usefulness. There are many great reasons to use Tor and very few reasons not to. So get started with Tor, and take back your privacy online.</p>
</div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=7%20Things%20You%20Should%20Know%20About%20Tor&amp;url=https%3A//www.eff.org/deeplinks/2014/07/7-things-you-should-know-about-tor&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=7%20Things%20You%20Should%20Know%20About%20Tor&amp;u=https%3A//www.eff.org/deeplinks/2014/07/7-things-you-should-know-about-tor" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2014/07/7-things-you-should-know-about-tor" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=7%20Things%20You%20Should%20Know%20About%20Tor&amp;url=https%3A//www.eff.org/deeplinks/2014/07/7-things-you-should-know-about-tor" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Tue, 01 Jul 2014 22:41:10 +0000Cooper Quintin81180 at https://www.eff.orgTechnical AnalysisAnonymityPrivacyLocational PrivacySecurityLGBTQ Communities in the Arab World Face Unique Digital Threatshttps://www.eff.org/deeplinks/2014/04/lgbtq-communities-arab-world-face-unique-digital-threats
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p dir="ltr">Across the Arab world, LGBTQ communities still struggle to gain social recognition, and individuals still face <a href="http://equaldex.com/">legal penalties</a> for consensual activities. In Saudi Arabia, Yemen, and Iraq, homosexuality is <a href="http://equaldex.com/">punishable by death</a>. In 2001, <a href="https://en.wikipedia.org/wiki/Cairo_52">52 men were arrested for being gay</a> in Cairo. And in Syria, Algeria, and the United Arab Emirates, being outed as homosexual means facing years in prison. While activists in some countries, such as Lebanon, have <a href="http://www.policymic.com/articles/84401/gays-in-lebanon-just-snagged-a-major-victory">made progress</a> toward greater rights, personal security remains an imperative.</p>
<p dir="ltr">In countries where homosexuality remains taboo or punishable by law, it makes sense for lesbian, gay, bisexual, trans*, and other queer-identifying (LGBTQ) people to explore their sexual identity online. But the Internet is increasingly becoming a risky place for exploration. More and more governments in the region are using digital surveillance to entrap, arrest, detain, and harass individuals who visit LGBTQ websites or chat rooms, or who use social media to protest homophobic laws and social stigmas. Meanwhile, nationwide filtering and complicit Internet search companies have censored content relating to homosexuality by blocking websites and restricting keyword searches in countries like Sudan, Yemen, and across the Gulf region.</p>
<p dir="ltr"><strong>Fear and self-censorship</strong></p>
<p dir="ltr">In Saudi Arabia, <a href="https://en.wikipedia.org/wiki/Committee_for_the_Promotion_of_Virtue_and_the_Prevention_of_Vice_%28Saudi_Arabia%29">religious police</a> have outed individuals, resulting in their incarceration. One man in the kingdom was <a href="http://www.pinknews.co.uk/2012/01/13/man-arrested-for-facebook-gay-date-in-saudi-arabia/">arrested by the religious police for using Facebook</a> to find and date other men. This happens often, but it is extremely difficult to collect details of cases, since being publicly accused of homosexuality can ruin one's life. Outed homosexuals may be permanently ostracized from their families, lose all job prospects, and destroy the reputation of their social networks.</p>
<p dir="ltr">Another man in Saudi Arabia was jailed for three years and tortured with 150 lashes after a police officer <a href="http://paper-bird.net/2013/12/19/jeddah-prison-cell-18-entrapped-in-saudi-arabia/">entrapped him in a public chatroom</a> and asked to meet in person with all of his makeup and drag outfits in tow. Men who are arrested are often detained in a cell designated for gay men in <a href="http://observers.france24.com/content/20131217-saudi-prison-beatings-sytem-video">Braiman Prison</a> in Jeddah, where anywhere between 50-75 men have been reported to be packed into a single cell. Men detained in the designated cell have reported that they were entrapped by police while using chat and hook-up sites like Hornet, U4Bear, and WhosHere.</p>
<p dir="ltr">Saudi Arabia isn’t the only country utilizing these tactics. In the United Arab Emirates, where male homosexuality is <a href="http://equaldex.com/region/united-arab-emirates">punishable by death</a>, men have been <a href="http://www.queerid.com/topic.aspx?topicid=24406">detained</a> for looking for sex partners in chat rooms (presumably ensnared by covert police officers). And in neighboring Iran, a <a href="http://inthesetimes.com/article/2458/iran_anti_gay_pogrom">massive Internet entrapment campaign</a> a few years ago put dozens of men in jail, many of whom were subject to public torture.</p>
<p dir="ltr">Tactics like entrapment—and the severe consequences that follow—undoubtedly lead to self-censorship, as those looking for moral support or partnership online may fear that doing so could ruin their lives.</p>
<p dir="ltr"><b>A range of threats</b></p>
<p dir="ltr">It’s not just individuals doing the censoring. <a href="https://opennet.net/sex-social-mores-and-keyword-filtering-microsoft-bing-arabian-countries">State censorship of sexual content</a> abounds online, and LGBTQ content in particular is frequently a target. Support and health websites, and LGBTQ publications are regularly shut down or become inactive. As journalist Anna Lekas Miller <a href="http://techpresident.com/news/wegov/22823/middle-east-marginalized-lgbt-youth-find-supportive-communities-online">recently wrote</a>, the Syrian Same Sex Society Network now renders a blank page, while an Egyptian online publication was recently shut down on “security” grounds.</p>
<p dir="ltr">Other countries are known to filter LGBTQ sites nationwide, and U.S. search engine companies have been complicit. Microsoft's Bing service has been <a href="http://www.accuracast.com/news/search-7471/microsoft-bing-censors-gay-searches-in-middle-east/">found to censor gay and lesbian sites</a> in Arabic countries. A 2010 study revealed that a search for the world “lesbian” on Bing with Arab country settings turned on resulted in the message, “Your country or region requires a strict Bing Safe Search setting, which filters out results that might return adult content.”</p>
<p dir="ltr">LGBTQ individuals and communities are right to be cautious. Combined with the usual range of risks faced by Internet users in the region, these additional threats mean that such communities are particularly vulnerable. Fortunately, there are tools available to help users stay safe online and circumvent censorship.</p>
<p dir="ltr">Our friends at the Tactical Technology Collective have put together a <a href="https://securityinabox.org/en/context/01">set of digital security tools and tactics</a> for LGBT groups in the Arab world available in both English and <a href="https://securityinabox.org/ar/context/01">Arabic</a>. Written in collaboration with LGBTQ activists from the Arab world, the guide is a prelude to <a href="https://securityinabox.org/">Security in a Box</a> and offers specific advice for the regional context. Today, many privacy-enhancing technologies—such as TextSecure and Tor—are available in Arabic as well. With increased awareness of online threats (thanks to Edward Snowden's revelations about NSA spying), it's become easier than ever to find tools and tactics for staying safe online.</p>
</div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=LGBTQ%20Communities%20in%20the%20Arab%20World%20Face%20Unique%20Digital%20Threats&amp;url=https%3A//www.eff.org/deeplinks/2014/04/lgbtq-communities-arab-world-face-unique-digital-threats&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=LGBTQ%20Communities%20in%20the%20Arab%20World%20Face%20Unique%20Digital%20Threats&amp;u=https%3A//www.eff.org/deeplinks/2014/04/lgbtq-communities-arab-world-face-unique-digital-threats" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2014/04/lgbtq-communities-arab-world-face-unique-digital-threats" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=LGBTQ%20Communities%20in%20the%20Arab%20World%20Face%20Unique%20Digital%20Threats&amp;url=https%3A//www.eff.org/deeplinks/2014/04/lgbtq-communities-arab-world-face-unique-digital-threats" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Wed, 23 Apr 2014 18:44:49 +0000April Glaser and Jillian York80020 at https://www.eff.orgCommentaryFree SpeechAnonymityInternationalArmenian Bill Threatens Online Anonymityhttps://www.eff.org/deeplinks/2014/04/armenian-bill-threatens-online-anonymity
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p class="MsoNormal"><span>In Armenia, online anonymity could be a luxury of the past if a bill that is currently before the Armenian parliament is passed. The bill would make it illegal for media outlets to publish defamatory content by anonymous or fake sources. Additionally, under this bill, sites that host libelous comments that are posted anonymously or under a pseudonym would be required to remove such content within 12 hours unless an author is identified.</span><span></span></p>
<p class="MsoNormal"><span></span><span>Edmon Marukyan, one of the bill’s drafters, explained the goal of the bill <a href="http://iwpr.net/report-news/armenia-mulls-web-libel-law">saying</a></span><span>, “You can remain incognito as much as you like. Write your posts, but if they end up in the media, then someone has to bear responsibility.” Thus this bill was drafted in an effort to hold a party accountable if and when the dissemination of defamatory material on public websites occurs. However, the need for Armenian legislators to target media outlets and hold them responsible for this type of commentary greatly infringes upon the right to freedom of expression and association.<span> </span></span><span>Marukyan believes that sites “bear responsibility” for users' comments, but </span><span><a href="http://iwpr.net/report-news/armenia-mulls-web-libel-law"><span></span><span>said</span></a></span><span> “the purpose of the bill was to clarify liability, not curb expression.” Unfortunately, the bill would most certainly curb expression—stifling the commentary of those who would no longer feel secure posting on a medium that would require them to reveal their true self.</span></p>
<p class="MsoNormal"><span></span><span></span><span>Holding a public electronic site liable for its users’ commentary is risky, as displayed in a <a href="http://www.osce.org/fom/116911?download=true">legal analysis</a> of the Armenian bill published in March 2014 by the Organization for Security and Co-operation in Europe (OSCE). The OSCE raises concerns with the bill, mainly criticizing it for its excessively broad scope, vague definitions, and general lack of clarity.<span> </span>The OSCE proposes that Armenia, though not a member state of the European Union (and thus not legally bound to EU law), look to European law and other directives as a guide for determining whether the bill upholds the right to freedom of expression as outlined by the Universal Declaration of Human Rights. Legislation that is noted in the OSCE’s legal analysis includes <a href="http://europa.eu/legislation_summaries/information_society/data_protection/l14012_en.htm">Directive 95/46/EC</a> (Directive on Data Protection), “a reference text, at European level, on the protection of personal data."</span></p>
<p class="MsoNormal"><span>Furthermore, the OSCE notes that since Armenia <i>is</i> a member state of the United Nations, it is obligated to uphold the civil and political rights of individuals outlined in the <a href="http://www.ohchr.org/EN/ProfessionalInterest/Pages/CCPR.aspx">International Covenant on Civil and Political Rights</a> (ICCPR)—an </span><span>international treaty aimed at preserving the right to freedom of expression, amongst other liberties. Additionally, the legal analysis points to the <a href="https://en.necessaryandproportionate.org/text">International Principles on the Application of Human Rights to Communications Surveillance</a> (the 13 Principles) </span><span>as another guide for the Armenian parliament to use when determining whether or not the proposed bill is consistent with human rights law. </span></p>
<p class="MsoNormal"><span>The OSCE <a href="http://www.osce.org/fom/116911?download=true">writes</a> that if the bill is passed, it’s “likely to discourage Internet operators from carrying out business in the Republic of Armenia, since the risk of being charged with liability for defamation is apparently doomed to increase.” It would be devastating if certain online platforms that were once available for anonymous users to post and exercise their basic human right to freedom of expression were suddenly inaccessible.</span><span></span></p>
<p class="MsoNormal">Stay tuned for updates on the bill and click <a href="http://www.osce.org/fom/116911?download=true">here</a> to read the Legal Analysis of Draft Amendments to the Civil Code of the Republic of Armenia in its entirety.</p>
</div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Armenian%20Bill%20Threatens%20Online%20Anonymity&amp;url=https%3A//www.eff.org/deeplinks/2014/04/armenian-bill-threatens-online-anonymity&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Armenian%20Bill%20Threatens%20Online%20Anonymity&amp;u=https%3A//www.eff.org/deeplinks/2014/04/armenian-bill-threatens-online-anonymity" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2014/04/armenian-bill-threatens-online-anonymity" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Armenian%20Bill%20Threatens%20Online%20Anonymity&amp;url=https%3A//www.eff.org/deeplinks/2014/04/armenian-bill-threatens-online-anonymity" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Wed, 16 Apr 2014 21:05:07 +0000Kimberly Carlson79950 at https://www.eff.orgCommentaryFree SpeechAnonymityPhilippines: Inching Toward Censorshiphttps://www.eff.org/deeplinks/2014/04/philippines-inching-toward-censorship
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p dir="ltr">[Accessing] any part of a computer system without right. Cyber-squatting. Cybersex. Computer-related forgery. What do these things have in common? They are all punishable acts under Philippines’ Cybercrime Prevention Act.</p>
<p>EFF has closely followed the<a href="http://www.gov.ph/2012/09/12/republic-act-no-10175/"> Philippines Republic Act No. 10175</a>, also known as the Cybercrime Prevention Act, since it was<a href="https://www.eff.org/deeplinks/2012/09/philippines-new-cybercrime-prevention-act-troubling-free-expression"> passed</a> in September 2012. This controversial Act has been attacked by journalists and rights groups who oppose its draconian legislation, in particular, the libel provision that criminalizes anonymous online criticism. In October 2012, activists in the Philippines took to social media and—taking a cue from the PIPA/SOPA protests—campaigned for<a href="https://www.eff.org/deeplinks/2012/10/dark-day-philippines-government-passes-cybercrime-act"> website blackouts</a> to encourage action against the law. Then in 2013, a crowdsourced document called the<a href="https://www.eff.org/deeplinks/2013/07/brief-analysis-magna-carta-philippine-internet-freedom"> Magna Carta for Internet Freedom</a> was brought to the Senate that, if passed, could have repealed the Act.</p>
<p>These efforts did not go unnoticed; in February of this year, the Supreme Court of the Philippines tempered segments of the Act,<a href="http://www.abs-cbnnews.com/nation/02/18/14/sc-declares-constitutional-internet-libel"> declaring certain provisions</a>—including posting a link to libelous material—unconstitutional.</p>
<p>The recent decision by the Philippine Supreme Court deemed the following sections of the Act unconstitutional:</p>
<blockquote><p dir="ltr">Unsolicited Commercial Communications. — The transmission of commercial electronic communication with the use of computer system which seek to advertise, sell, or offer for sale products and services are prohibited;</p>
<p dir="ltr">Restricting or Blocking Access to Computer Data. — When a computer data is prima facie found to be in violation of the provisions of this Act, the DOJ shall issue an order to restrict or block access to such computer data;</p>
<p dir="ltr">Real-Time Collection of Traffic Data. — Law enforcement authorities, with due cause, shall be authorized to collect or record by technical or electronic means traffic data in real-time associated with specified communications transmitted by means of a computer system.</p>
</blockquote>
<p>To summarize, sending spam cannot be considered a crime; the Department of Justice cannot restrict access to or block websites without a court order; and the government cannot monitor phone or internet use in “real-time” without prior court order or warrant.</p>
<p>While this ruling is a step in the right direction, the Supreme Court did ultimately uphold the constitutionality of the Cybercrime Prevention Act as a whole, meaning several articles and provisions that pose a threat to freedom of expression and speech still remain—specifically the law on libel, the one act with which most rights groups are particularly concerned.</p>
<p>The Internet libel provision was<a href="http://www.abs-cbnnews.com/nation/02/18/14/sc-declares-constitutional-internet-libel"> upheld</a> by the Philippine Supreme Court, but was distinguished by one important exception from the original law—that only the original author of libelous content can be punished by law, not the recipients who react to, like, or share said libelous content.</p>
<p>Even with this revision, censoring anonymous online criticism is a slippery slope. Many media organizations are working to decriminalize libel in the Philippines. According to the Philippine Center for Investigative Journalism<a href="http://pcij.org/blog/2014/02/21/amnesty-intl-hits-ph-libel-laws-netizens-to-appeal-sc-ruling"> blog</a>, “The Philippines is one of few countries in the world where libel is considered a criminal offense punishable with a prison term. Libel in the Philippines is also unique in that an allegedly libelous statement is presumed to be tainted with malice until the accused proves otherwise.”</p>
<p>Unfortunately, such laws are more common than the Center suggests: Russia, Venezuela, Azerbaijan, Albania, India, and South Korea are <a href="http://www.article19.org/defamation/map.html">just a few of the countries</a> that still consider defamation and libel a criminal offense punishable by imprisonment.</p>
<p>Although the Supreme Court's recent decision on the constitutionality of the Cybercrime Prevention Act provides drastic improvements over the Act's original text, the still highly controversial law continues to worry rights groups about the current state of Internet censorship in the Philippines. Some Filipino politicians seem to be tipping more and more towards Internet censorship—as seen through the recent legislation that requires Internet service providers to install filters to<a href="http://www.thenews.com.pk/Todays-News-1-238994-Philippines-Internet-providers-to-install-child-porn-filters"> block access</a> child porn. Granted, the Philippines hasn't landed on the Reporters Without Borders' “<a href="http://12mars.rsf.org/2014-en/#slide2">Enemies of the Internet</a>” list, yet, however it's certainly a country on which we’re keeping watch.</p>
</div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Philippines%3A%20Inching%20Toward%20Censorship&amp;url=https%3A//www.eff.org/deeplinks/2014/04/philippines-inching-toward-censorship&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Philippines%3A%20Inching%20Toward%20Censorship&amp;u=https%3A//www.eff.org/deeplinks/2014/04/philippines-inching-toward-censorship" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2014/04/philippines-inching-toward-censorship" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Philippines%3A%20Inching%20Toward%20Censorship&amp;url=https%3A//www.eff.org/deeplinks/2014/04/philippines-inching-toward-censorship" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Thu, 03 Apr 2014 20:13:23 +0000Jillian York and Kimberly Carlson79764 at https://www.eff.orgCommentaryFree SpeechAnonymityInternationalDigital Freedom Is an LGBT Issuehttps://www.eff.org/deeplinks/2014/02/digital-freedom-lgbt-issue
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p><i></i><strong><img src="/files/2014/02/10/rainbow-eff.png" class="align-right" height="255" width="255" /></strong></p>
<p>Since 1990, the Electronic Frontier Foundation has been fighting to make sure when you go online your rights come with you. For the LGBT community, these rights are especially important.</p>
<h3>We're Fighting for Your Right to Free Speech<b> </b></h3>
<p>Free Speech is strongly protected in the United States. That means that people in the U.S. are free to talk about queer issues online without fear of government intervention. In places like Russia, however, the government just <a href="http://gaycitynews.com/russian-gay-activist-speaks/">passed a law</a> banning "propaganda of nontraditional sexual relations to minors," a law used by the Russian government to limit speech by the LGBT community and silence the gay rights community. EFF fights for freedom of speech all over the world, protecting users from government laws or actions that unlawfully inhibit free expression in our digital communications.</p>
<h3>We're Fighting for Your Right to Privacy</h3>
<p>Many in the LGBT community grapple with the right to privacy. Whether you're exploring your sexual identity online, seeking support from LGBT peers when there are none available in your community, or keeping your sexual orientation secret from your family, co-workers, or classmates out of fear of bullying or reprisals, <a href="https://www.eff.org/deeplinks/2013/10/online-anonymity-not-only-trolls-and-political-dissidents">protecting your privacy online</a> may be an important part of protecting your physical safety.</p>
<h3>EFF is Fighting For Your Right to Freedom from Government Surveillance</h3>
<p>Historically, government surveillance has been used to out, blackmail, humiliate, and bully LBGT people. In the 1960’s FBI Director J. Edgar Hoover maintained a notorious 'Sex Deviate' file filled with salacious bits of information on the sexual proclivities of prominent Americans: actors, columnists, activists, members of Congress, and even presidents. Hoover used that information to ensure appropriations for the FBI and expand his political power. 2013 documents reveal that agents used the NSA's out-of-control surveillance apparatus to spy on and track women and that the NSA <a href="https://www.eff.org/deeplinks/2013/11/nsa-tracking-online-porn-viewing-discredit-radicalizers">tracked the porn-viewing habits</a> of “radicalizers” in order to discredit them.</p>
<h3>We're Fighting for Your Right to Share and Innovate</h3>
<p>Threats to intellectual property often are waged against people that are most vulnerable and without access to expensive legal support. EFF has stood up to trademark bullying. We fought and won a case to protect the <a href="https://www.eff.org/press/releases/big-win-gaymers-blogger-surrenders-bogus-trademark-claim">rights of gay 'Gaymers'</a>. We have opposed the <a href="https://www.eff.org/deeplinks/2013/11/tpp-leak-confirms-worst-us-negotiators-still-trying-trade-away-internet-freedoms%20http://ipsd.typepad.com/ipsd/access-to-medicines/">attacks on access to medicines in international treaties</a> such as ACTA and TPP, which use "anti-counterfeiting" language to limit the production and distribution of generic medicines, including anti-retrovirals critical in the management of HIV/AIDS.</p>
<h3>What you can do</h3>
<ul><li><b>Protect Your Anonymity</b>: Reference one of our <a href="https://www.eff.org/deeplinks/2012/11/tutorial-how-create-anonymous-email-accounts">many guides</a> for safe and private online behavior.<b></b></li>
<li><b>Protect Your Rights:</b> Support <a href="https://www.eff.org/action">our campaigns</a> calling on governments to safeguard digital rights</li>
<li><b>Download and share EFF’s one-pager: </b><a href="https://www.eff.org/document/digital-freedom-lgbt-issue">https://www.eff.org/document/digital-freedom-lgbt-issue</a><b> </b></li>
</ul><p><i>This is the first in a series of posts in which EFF will unpack how we fight to uphold basic human rights in light of new and existing technologies that affect minorities and disenfranchised communities in disproportionate and often discriminatory ways. Because technology and communication are central to so many efforts to effect social change, digital freedom should matter to you. In our first piece, we illustrate how the protection of our digital civil liberties is intrinsically connected to the particular needs and rights of people who identify as lesbian, gay, bisexual, or transgender. This blog post </i><i>also exists as a </i><a href="https://www.eff.org/document/digital-freedom-lgbt-issue"><i>one-pager</i></a><i>, which we encourage you to share and distribute widely. </i></p>
</div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Digital%20Freedom%20Is%20an%20LGBT%20Issue&amp;url=https%3A//www.eff.org/deeplinks/2014/02/digital-freedom-lgbt-issue&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Digital%20Freedom%20Is%20an%20LGBT%20Issue&amp;u=https%3A//www.eff.org/deeplinks/2014/02/digital-freedom-lgbt-issue" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2014/02/digital-freedom-lgbt-issue" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Digital%20Freedom%20Is%20an%20LGBT%20Issue&amp;url=https%3A//www.eff.org/deeplinks/2014/02/digital-freedom-lgbt-issue" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Mon, 10 Feb 2014 20:09:45 +0000April Glaser and Eva Galperin78808 at https://www.eff.orgFree SpeechAnonymityInnovationPrivacyAn Open Letter Urging Universities To Encourage Conversation About Online Privacyhttps://www.eff.org/deeplinks/2013/12/open-letter-urging-universities-encourage-conversation-about-online-privacy
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>When a group of students from Iowa State University (ISU) contacted us earlier this month about forming an ISU Digital Freedom group, they were facing an unexpected problem: despite their simple goal of fostering a healthy conversation around <a href="https://www.eff.org/pages/tor-challenge">freedom-enhancing software</a>, the university administration denied them official recognition. The university has since granted the Digital Freedom group the green-light to meet on campus, but under unduly restrictive conditions. These students’ story is instructive to students around the country and the world who are concerned about online privacy.</p>
<p>The administration initially denied the Digital Freedom Group's proposal because it did not want ISU students either to advocate for or participate in the “secrecy network” Tor, and would not permit the student group to use any “free software designed to enable online anonymity.” The students had not proposed that a Tor node be established on campus. Rather they asked that they be able to provide a forum to “discuss, learn and practice techniques to anonymize and protect digital communication.”</p>
<p>The students were told they had to gain clearance from the Iowa State University attorneys and security clearance from the university's Chief Information Officer. They were ultimately successful, and Iowa State University is now home to its very own Digital Freedom Group.</p>
<p>EFF strongly supports the formation of student groups like the Digital Freedom Group that aim to discuss and learn about methods for secure and private use of the Internet. We submit this open letter to campus activity review boards across the world that may feel a similar hesitation on the topic of online anonymity and privacy. Students, professors, and staff from other universities are invited to contact us [ <a href="mailto:students@eff.org">students@eff.org</a> ] with stories of misguided, speech-chilling policies.</p>
<blockquote><p>University administrations around the world,</p>
<p>A healthy conversation about online privacy should never be stifled. Yet we've heard too many stories of students whose efforts to initiate these conversations have faced roadblocks from university administrators fearful of encryption and anonymity software.</p>
<p>But the time has come now to embrace these technologies, not blindly reject them. There is nothing to fear about online privacy and the various tools available to achieve it.</p>
<p>The <a href="https://www.eff.org/deeplinks/2013/10/silk-road-case-dont-blame-technology">demonization of technology because of a few bad actors</a> is a dangerous path. Think about it: the classification of a computer as a machine designed for cybercrime, makes no more sense than maligning cell phones because drug dealers use them to make illegal sales. Instead, we should encourage ethical and responsible use of technologies. The best way to do this is through meaningful conversation that explains how technologies function and the myriad ways technology is and can be utilized.</p>
<p>Tor, in particular, was originally developed by the U.S. Naval Research Laboratory for the purposes of protecting government communications. But today it is used to serve a variety of needs. Journalists use Tor to protect the anonymity of their sources; Internet users in countries where information is censored use Tor to circumvent oppressive firewalls; lawyers use Tor to exchange sensitive information relating to a case; corporations use Tor to protect trade secrets; and people use Tor everyday to have conversations about topics they might feel uncomfortable discussing without the protection anonymity provides. The technology is popular among survivors of rape or gang violence and medical patients who want to take part in online communities, but may only wish do so anonymously.</p>
<p>Anonymous speech has a long history in democratic societies, particularly when used by those whose politically contentious views might have put them ill-at-ease amongst their contemporaries (like Mark Twain, Voltaire, and George Orwell—all pen names). The Federalist Papers were written under the collective pen name Publius to protect the identities of the individual authors. In a similar fashion, Tor gives people the opportunity to discuss anything, freely and without fear of being tracked or chastised for their opinions.</p>
<p>There are other free software tools that we consider to be good hygiene for a privacy-conscious user, like GPG email encryption, which is used to keep email communication private from malicious hackers or unconstitutional government surveillance. There is also our <a href="https://www.eff.org/https-everywhere-node">HTTPS Everywhere</a> browser extension, designed to encrypt data that travels between a user's computer and a website. These practices are not designed to cloak criminals from the view of law-enforcement. Rather, they are intended to make experiences online as trustworthy as possible, despite the fact that the interactions occur across great distances between people and organizations that may never meet in the physical sense.</p>
<p>Conversations about online privacy and security should be encouraged, and never silenced. The more that students understand how security threats function and the myriad ways they can protect their communications and identity, the less vulnerable they are to cybercrime or unwanted surveillance. Privacy technologies can be introduced as a framework grounded in ethical applications and First Amendment principles.</p>
<p>Please never hesitate to contact the Electronic Frontier Foundation with questions about online privacy or anonymity tools, and more importantly, think twice before ever limiting what students can and cannot discuss openly, especially when it comes to the use of technology. Healthy and open dialogue about how students can, should, and do use existing technologies is far better than forcing secrecy, which may only serve to promote notions of criminality about Internet practices that, if used properly, serve to enhance and protect our basic rights online.</p>
<p>Securely and sincerely,</p>
<p>The Electronic Frontier Foundation</p>
<p>PS: Please see and share our “<a href="https://www.eff.org/document/tor-myths-and-facts">Myths and Facts About Tor</a>” document for a deeper discussion about the oft-misunderstood software.</p>
<p> </p></blockquote>
</div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=An%20Open%20Letter%20Urging%20Universities%20To%20Encourage%20Conversation%20About%20Online%20Privacy&amp;url=https%3A//www.eff.org/deeplinks/2013/12/open-letter-urging-universities-encourage-conversation-about-online-privacy&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=An%20Open%20Letter%20Urging%20Universities%20To%20Encourage%20Conversation%20About%20Online%20Privacy&amp;u=https%3A//www.eff.org/deeplinks/2013/12/open-letter-urging-universities-encourage-conversation-about-online-privacy" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2013/12/open-letter-urging-universities-encourage-conversation-about-online-privacy" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=An%20Open%20Letter%20Urging%20Universities%20To%20Encourage%20Conversation%20About%20Online%20Privacy&amp;url=https%3A//www.eff.org/deeplinks/2013/12/open-letter-urging-universities-encourage-conversation-about-online-privacy" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Mon, 02 Dec 2013 18:40:38 +0000April Glaser77796 at https://www.eff.orgFree SpeechAnonymityPrivacyDo Not TrackEncrypting the WebSecurityThe PRISM is Not Enough: Government Spies on Google and Yahoo's Internal Networkshttps://www.eff.org/deeplinks/2013/10/prism-is-not-enough
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>Just in time for Halloween, the <em>Washington Post</em> has brought us a <a href="http://www.washingtonpost.com/world/national-security/nsa-infiltrates-links-to-yahoo-google-data-centers-worldwide-snowden-documents-say/2013/10/30/e51d661e-4166-11e3-8b74-d89d714ca4dd_story.html">horror story</a> about U.S. and U.K. intelligence agencies reading massive amounts of private data directly off of the internal communications infrastructure of U.S. Internet giants Google and Yahoo.</p>
<p>The <em>Post</em>'s report reveals that the spy agencies tapped into the internal, private fiber-optic links between the companies' data centers. This gave the spooks a view into corporate and customer data moving between data centers—data that the companies likely didn't encrypt because they viewed these dedicated private links as secure. That means that the private communications of millions of ordinary users, both foreign and domestic, were exposed to surveillance by the intelligence agencies.</p>
<p>A chilling back-of-the-napkin sketch obtained by the <em>Post</em> depicts user data protected by SSL/TLS encryption as it traveled over the public Internet—but unprotected and exposed to spying within the companies' internal infrastructure.</p>
<p><img src="/files/2013/10/30/googlespypostit.png" alt="" height="261" width="431" /></p>
<h3>What does this mean for ordinary users?</h3>
<p>The story suggests that the user data (including the text of chats and e-mails, as well as metadata about users' relationships and whereabouts) probably was intercepted as it flowed over the private links. There's no way to know exactly whose data was intercepted, but potentially all users of these services—or other services that may have been attacked in the same way—could have had their data monitored.</p>
<p>Google, at least, said <a href="http://www.pcmag.com/article2/0,2817,2424133,00.asp">last month</a> that it was deploying more encryption internally to protect against this monitoring in the future. In a statement issued today, Google's chief legal officer, David Drummond said, “We have long been concerned about the possibility of this kind of snooping, which is why we continue to extend encryption across more and more Google services and links.” A Yahoo spokesperson said, “We have strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or to any other government agency.” Yahoo has not yet clarified whether it will take new technical measures to protect against this spying.</p>
<p>Users who used third-party encryption software like OTR to encrypt their messages may have been partially protected because their intercepted communications would still have been encrypted as they transited the companies' internal networks.</p>
<p>The materials published by the <em>Post</em> suggest that the SSL/TLS encryption used to protect users' data on sites that use HTTPS provides privacy and security benefits: the author of the spooky napkin sketch implicitly regards it as non-trivial for NSA to remove this encryption. That's why NSA would rather go around it and try to access our communications after they've already been decrypted.</p>
<h3>What should technology companies do about this kind of monitoring?</h3>
<p>This reporting goes to show that the intelligence agencies are sophisticated attackers that are prepared to find and take advantage of the weakest link in a chain of protections. So companies need to <a href="http://news.cnet.com/8301-13578_3-57610139-38/6-steps-silicon-valley-can-take-to-protect-users-from-nsa-spying">examine</a> the entire set of protections that apply across their infrastructure, to identify and address the weak links. One specific precaution that would be valuable for companies with their own distributed data centers is to ensure that they're using state-of-the-art VPNs or link encryption between their facilities. Indeed, encryption even between the devices within a data center may be an important precaution if the routers and switches connecting those devices can be targeted with malware—though such attacks don't appear to be part of the monitoring revealed by the <em>Post</em>.</p>
<p>These attacks remind us that there are many ways that a network can be untrustworthy, and that encryption is the main technology we have for keeping data safe on untrustworthy networks. Now is a great time to think about how we can use more encryption and make sure that we're using it correctly.</p>
</div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=The%20PRISM%20is%20Not%20Enough%3A%20Government%20Spies%20on%20%20Google%20and%20Yahoo%27s%20Internal%20Networks&amp;url=https%3A//www.eff.org/deeplinks/2013/10/prism-is-not-enough&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=The%20PRISM%20is%20Not%20Enough%3A%20Government%20Spies%20on%20%20Google%20and%20Yahoo%27s%20Internal%20Networks&amp;u=https%3A//www.eff.org/deeplinks/2013/10/prism-is-not-enough" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2013/10/prism-is-not-enough" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=The%20PRISM%20is%20Not%20Enough%3A%20Government%20Spies%20on%20%20Google%20and%20Yahoo%27s%20Internal%20Networks&amp;url=https%3A//www.eff.org/deeplinks/2013/10/prism-is-not-enough" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Wed, 30 Oct 2013 23:54:27 +0000Eva Galperin and Seth Schoen76830 at https://www.eff.orgCommentaryAnonymityInternationalPrivacyNSA SpyingSecurityOnline Anonymity Is Not Only for Trolls and Political Dissidentshttps://www.eff.org/deeplinks/2013/10/online-anonymity-not-only-trolls-and-political-dissidents
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><blockquote><p><i>David Plotz: People have a misguided belief in it, but, in general, the fact that anonymity is increasingly hard to get—Facebook doesn't permit it, most commenting on a lot of sites doesn't permit it—there's a loss when you don't have anonymity. </i></p>
<p><i>Emily Bazelon: Oh god, I am so not with you on this one. There is a loss if you're, like, a political dissident in Syria. If you are in this country, almost all of the time, there is a net gain for not having anonymous comments. We so err on the side of 'Oh, free speech, everywhere, everywhere, let people defame each other and not have any accountability for it.' And I think in free societies, that is generally a big mistake. And yes, you can make small exceptions for people who truly feel at risk, like victims of domestic violence are an example, but most of the time it is much healthier discourse when people have to own up to what they are saying. </i></p>
<p align="right"><i> - Slate's </i>Political Gabfest, Oct. 25, 2013</p>
</blockquote>
<p>During <a href="http://www.slate.com/articles/podcasts/gabfest/2013/10/slate_political_gabfest_transcript_dickerson_bazelon_and_plotz_talk_about.html">last week's episode</a> of <em>Slate's</em> Political Gabfest, a weekly podcast I normally adore, senior editor Emily Bazelon mocked the concept of online anonymity. Our society would be better off if everyone was forced to put their name to their words, she said, generalizing that online anonymous users are poisoning civil discourse with their largely vile and defamatory comments. She deemed only one class of user legitimately deserving of anonymity: "people who directly fear violence."</p>
<p>In this view of the Internet, everyone else's anonymity is worth sacrificing to silence the trolls.</p>
<p>It's easy to understand why some in the press have this perspective. If you work in online media, the bulk of your interactions involve news stories, which seem to draw the ugliest forms of discourse. If you're a public figure, you're faced with haters on Twitter who are obsessed with enumerating all the ways you <em>suck</em>. They're even worse in the comments on YouTube. A website, such as <em>Slate</em>, certainly has the right to determine the culture of its online community, and I don't have a position whether such sites, across the spectrum, should or should not allow anonymous comments, or even allow comments at all. I do, however, dispute this narrow vision of the Internet.</p>
<p>So, I spent the weekend brainstorming and jotting down all the kinds of people who would lose out if anonymity no longer existed in any form on the Internet.</p>
<p>Anonymity is important to:</p>
<ul><li>the people who run some of the funniest parody Twitter accounts, such as <a href="https://twitter.com/feministhulk">@FeministHulk</a> (SMASH THE PATRIARCHY!) or <a href="https://twitter.com/BPGlobalPr">@BPGlobalPr</a> during the Deepwater Horizon aftermath. San Francisco would not be better off if we knew who was behind <a href="https://twitter.com/karlthefog">@KarltheFog</a>, the most charming personification of a major city's climate phenomenon.</li>
<li>the young LGBTQ youth seeking advice online about coming out to their parents.</li>
<li>the marijuana grower who needs to ask questions on an online message board about lamps and fertilizer or complying with state law, without publicly admitting to committing a federal offense.</li>
<li>the medical patient seeking advice from other patients in coping with a chronic disease, whether it's alopecia, irritable bowel syndrome, cancer or a sexually transmitted infection.</li>
<li>the online dater, who wants to meet new people but only reveal her identities after she's determined that potential dates are not creeps.</li>
<li>the business that wants no-pulled-punches feedback from its customers.</li>
<li>the World of Warcraft player, or any other MMOG gamer, who only wants to engage with other players in character.</li>
<li>artists. Anonymity is integral to the work of The Yes Men, Banksy and Keizer.</li>
<li>the low-income neighborhood resident who wants to comment on an article about gang violence in her community, without incurring retribution in the form of spray paint and broken windows.</li>
<li>the boyfriend who doesn’t want his girlfriend to know he’s posing questions on a forum about how to pick out a wedding ring and propose. On the other end: Anonymity is important to anyone seeking advice about divorce attorneys online.</li>
<li>the youth from an orthodox religion who secretly posts reviews on hip hop albums or R-rated movies.</li>
<li>the young, pregnant woman who is seeking out advice on reproductive health services.</li>
<li>the person seeking mental health support from an online community. There's a reason that support groups so often end their names with “Anonymous.”</li>
<li>the job seeker, in pursuit of cover letter and resume advice in a business blogger's comments, who doesn't want his current employer to know he is looking for work.</li>
<li>many people's sexual lives, whether they're discussing online erotica or arranging kink meet-ups.</li>
<li>Political Gabfest listeners. Each week, the hosts encourage listeners to post comments. Of the 262 largely positive customer reviews on iTunes, only a handful see value in using their real names.</li>
</ul><p>Anonymity is important to anyone who doesn't want every facet of their online life tied to a Google search of their name. It is important to anyone who is repulsed by the idea of an unrelenting data broker logging everything she has ever said, or shown interest in, in a permanent marketing profile. And <a href="http://geekfeminism.wikia.com/wiki/Who_is_harmed_by_a_%22Real_Names%22_policy%3F">more</a>.</p>
<p>Bazelon describes anonymous comments as "generally a big mistake" for free societies. I disagree and point to <em>Common Sense </em>by Thomas Paine, originally published under the anonymous byline, “an Englishman.” (Perhaps that could be Gabfest's next Audible recommendation.)</p>
<p>To suggest anonymity should be forbidden because of troll-noise is just as bad as suggesting a ban on protesting because the only demonstrators you have ever encountered are from the Westboro Baptist Church—the trolls of the picket world. People who say otherwise need to widen their experience and understanding of the online world. The online spaces we know and love would be doomed without anonymity, even if the security of that anonymity is far from absolute or impenetrable. The ability to explore other identities, to communicate incognito, to seek out communities and advice without revealing your identity is not only a net positive, but crucial to preserving a free and open Internet.</p>
</div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Online%20Anonymity%20Is%20Not%20Only%20for%20Trolls%20and%20Political%20Dissidents&amp;url=https%3A//www.eff.org/deeplinks/2013/10/online-anonymity-not-only-trolls-and-political-dissidents&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Online%20Anonymity%20Is%20Not%20Only%20for%20Trolls%20and%20Political%20Dissidents&amp;u=https%3A//www.eff.org/deeplinks/2013/10/online-anonymity-not-only-trolls-and-political-dissidents" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2013/10/online-anonymity-not-only-trolls-and-political-dissidents" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Online%20Anonymity%20Is%20Not%20Only%20for%20Trolls%20and%20Political%20Dissidents&amp;url=https%3A//www.eff.org/deeplinks/2013/10/online-anonymity-not-only-trolls-and-political-dissidents" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div>Tue, 29 Oct 2013 15:24:14 +0000Dave Maass76793 at https://www.eff.orgFree SpeechAnonymity